Do folks in here use password managers, if so which one would you recommend and why?
is it just me or are there fewer people in here than usual?
I use https://www.passwordstore.org/ . Except I don't and re-wrote it from scratch, but it's completely compatible.
mike-burns: there has to be a good story there
Doubtful. The official program is written using GNU Bash, and I didn't feel like installing that dependency.
I use the Android app, though. It's nice.
On Debian I use the official one.
mnathani: passwordstore on unix and 1password on mac, both are pretty decent, depends on whether a GUI matters to you.
https://qtpass.org/ - this is the passwordstore GUI. It's not bad!
mike-burns: what did you rewrite it in?
Shell.
nice
LastPass here.
The Android app is pretty great.
Their Chrome plugin is pretty terrible, but it works.
Their CLI is actually quite nice.
1password
mildly disappointed there's no CrOS or Linux client
well, the developers do say run it in wine :P
mike-burns sjackso mhoran JC_Denton: thanks for your input
doesnt having as single master password to unlock all other passwords make for one single point of failure
or if that gets compromised folks have access to everything?
@weather auckland
Auckland, New Zealand: Rain ☂ 57°F (14°C), Humidity: 99%, Wind: From the SW at 5.0 MPH Gusting to 13.0 MPH -- For more details including the forecast and almanac, see http://www.wunderground.com/cgi-bin/findweather/getForecast?query=-36.973896,174.878021 or re-request this with: @weather -v auckland
mnathani: ssh keys are liket hat
a lot of the time people need lots of stupid passwords with various restrictions that make things more complicated
i'm a fan of words and numbers combinations as it's easier to remember for a decent length phrase
I guess Multifactor Authentication helps to protect the master passwor
I use multi-factor auth plus a very long very unique only ever used once password for LastPass.
So sure, if someone gets that password and my YubiKey, I'm in trouble. But also I can pretty easily roll all of my creds and also change them on a regular basis.
well, it's definitely a SPOF
i wish it had some sort of 2FA like U2F
*however*
i think if you only put your "vault" on machines you trust, you should be okay
because if you're owned there with a keylogger or backdoor, imo, you're fucked anyways
also, enable 2FA for your email account and never store your email password in your vault.
most services can have the password reset/get taken over once they have your email account.
if your vault gets owned, you should be able to recover lots of stuff if you still own your email address
mercutio: how's akl going, fairly wet down this way
gizmoguy: we just had a flash storm that just went away again
it was happening about when i did @weather
by we, i mean i.  i'm sure other parts of auckland the sun is shining in :)
my phone notified me it was going to rain tommorow
tommroow being today
it's weird how google does that
yeah google did that for me too
the weather forecast has hardly any rain projected for today
maybe it was just that mini storm
Total rainfall so far today: 3.8 mm. Total rainfall forecast for today: 6.5 mm
that doesn't seem a lot
but it's damn cold too
winter is coming.
mmmm
how's hamilton?
it's actually ok right now
very wet from 10am till 12pm
That's what she said!!
haha
heh
last year was actually very mild winter here
mjp_: i prefer to run my own mail server ;)
hardly any storms, the year before was insane
JC_Denton: do you have multiple relays etc?
just one
do you guys have dkim etc setup for your personal mail servers?
yep
i only sign for a couple of my domains though
yeah the complexity has gone up a lot over time