Welcome to the RD thread!

This is a place for casual random chat and discussion.

A reminder for everyone to always follow the community rules and observe the Code of Conduct.

Image

Mobile apps:

Quick tips:

  • Use Teddit when sharing Reddit links
  • Upload videos to Streamable
  • Miss the wide old.reddit look on desktop? Install this Greasemonkey script

Footnotes:

  • Daily pixel art courtesy of adroitcell
  • Report inappropriate comments and violators
  • Message the moderation team for any issues
  • ein sof@lemmy.worldEnglish
    2·
    1 year ago

    the concerns using 3rd party for saving your login credential is kinda risky. since a possible leak may occur at may mga service provider na nagkaroon na ng ganung sitwasyon

    for me I just use Firefox sync

    The authentication key is transmitted to the server to prove that you own the account. If TLS fails, this might cause the authentication key to be leaked, and someone who intercepts this key could use it to authenticate into your account. However, they can’t use it to access your Firefox Sync data since the encryption key is used to encrypt your data before it leaves your device. This key is never transmitted to the server, so it can’t be leaked if TLS fails.

    • megane-kun@lemmy.worldEnglish
      2·
      1 year ago

      As far as I am aware, for KeePassXC, the database file is handled locally and it’s your responsibility where you’d store your password database file. This password database file is encrypted (when using a master password) and so personally, I’m comfortable putting a synchronized copy onto cloud storage (which also makes it easier syncing across the PC and my mobile devices).

      I assume that this is true for KeePass as well, though I‌ be wrong.

      From the KeePassXC FAQ:

      Why is there no cloud synchronization feature built into KeePassXC?

      Cloud synchronization with Dropbox, Google Drive, OneDrive, ownCloud, Nextcloud etc. can be easily accomplished by simply storing your KeePassXC database inside your shared cloud folder and letting your desktop synchronization client do the rest. We prefer this approach, because it is simple, not tied to a specific cloud provider and keeps the complexity of our code low.

      and from a different section of the same FAQ:

      If you sync your database via a cloud provider (Dropbox, Google Drive, Nextcloud, …), you should only sync the KDBX file and distribute the key file to your computers by different means, such as said thumb drive.

      And from their user guide:

      The database file that is protected with a strong and long password is secure and encrypted while stored on your computer or cloud storage service.

      ‌ You can safely store your database file in the cloud (OneDrive, Dropbox, Google Drive, Nextcloud, Syncthing, etc.). The database file is always fully encrypted; unencrypted data is never written to disk and is never accessible to your cloud storage provider. We recommend using a storage service that keeps automatic backups (version history) of your database file in the event of corruption or accidental deletion.

      I also use a key file to make sure that I’m only accessing my password database on devices I own (to which I copy the key file manually).

      Well, I suppose there’s still some danger, in which case, I think a fully-local syncing solution (something mediated through Syncthing, I guess) can be set up. To be honest, I could have gone that route, but I didn’t bother. I just felt safe enough to store my password database on the cloud, trusting that it’s sufficiently secured via encryption (and that I have a secure enough master password).