Creat

How do you use your password manager to log into your PC. I mean with the AD password you're changing monthly with "high complexity"? Cause that's the actual problem scenario in enterprises.

If someone asks me to change some normal password, I really don't care, just like you (cause password manager), but the main login scenario just isn't solved with one.

Yup, that's the correct reaction.

I think he meant you can use the android phone as a webcam for Linux. There are apps that let you connect via WiFi, and it essentially proxies the camera out.

"I mean the view is nice, but I'm sure it'll be better from over here"

Moves head slightly to the left

So it's fully on brand for Apple then?

Maybe is recreational fun time for them? I mean the whole thing is literally a hobby for them, right? So seems to check out.

"just export it" sounds so simple, but the required infrastructure is actually incredibly expensive. Also most of Europe is already pretty tightly connected and trade does happen to a significant degree, but I have no idea what the actual percentage is or if it's used to balance oversupply and/or shortages. Kinda hard to find reliable sources for that.

In this context "self host" can ironically mean using a cloud service for hosting. You can use a file based password manager and just sync the database. Solutions like KeePass have apps for many platforms, and they can often even directly load from cloud storage, like Google drive, OneDrive or DropBox. The password database is strongly encrypted, and even if your storage gets compromised, your passwords are still safe (assuming a good password or some then better security was used to encrypt it).

You give up the convenience of having a single service and having to get each device to access the file. But that's it. It's not that hard and so much better than a password service, even if just for their attack surface, or the "likely target" these are.

Ah the Internet classic: calling someone's comment irrelevant, when you clearly haven't even read, or at least not understood it. It isn't that long of a comment. Try reading it again.

Oh whatever, here's another attempt at explaining it: there's a huge difference if my passwords are in a place where people generally keep passwords, or if they are where only my passwords are. If someone has never heard of me, but they attack my cloud-password-solution and get in, they still get my passwords. Someone attacking me personally, if he's truly competent as a hacker, in probably screwed either way. At least he can only attack me, he can't attack "some public thing" and get my stuff "by accident". Think "personal safe in my home" compared to "public bank" (ignoring the fact that a bank is insured and all that for this analogy).

Your second point would be valid if open source didn't exist. First of all I didn't imply that it was inherently safe, I implied that there isn't a single point of trust, which was my would point. Even if you can't read/audit it yourself, there are projects that have public audits by reputable security companies. Plus if there truly were backdoors, assuming a non-tiny user base, someone would've probably noticed.

Then your final point seems to acknowledge the attack surface, but the problem with the "locally encrypted blob" is that this statement from the cloud provider is another thing you just have to believe them on. They might do that, they might not. Many don't even claim that, because people like convenience and want options for password recovery to their password service. those two are mutually exclusive.

Stop using "the cloud" to store your passwords. Unless you control said cloud, you have to trust someone to not fuck up their security that you now depend on. Everyone eventually does.

The difference is also, that someone who's job is storing other people's passwords is by definition a target. So is the fuck up, someone will notice. If you host those yourself, or you rent a place where you can host them for yourself, that is just one person's server. The interest and possible gain for someone gaining access is so small, it's even unlikely. So when you inevitably fuck it up, the chances someone notices before you do are relatively small.

is under active development.

The latest release is from 2018 though? So they just refuse to call something "stable" and everyone has to pick between nightly and beta or something?

She did probably win some local chess-related competition, which technically makes her a "chess champion". See also parks & rec "award winning" meme/quote.

Just typical editorial exaggeration and clickbait, par for the course in today's "journalism". I hate it.