password-manager-resources
pass-import
Our great sponsors
password-manager-resources | pass-import | |
---|---|---|
19 | 403 | |
4,009 | 761 | |
1.5% | - | |
7.8 | 8.4 | |
16 days ago | about 1 month ago | |
JavaScript | Python | |
MIT License | GNU General Public License v3.0 only |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
password-manager-resources
-
Don't Fuck with Paste
Even Apple was so annoyed at this themselves that they actually went for a full open-source open-for-contributions GitHub repository at https://github.com/apple/password-manager-resources to get around these issues.
> Many password managers generate strong, unique passwords for people so that they aren't tempted to create their passwords by hand, which leads to easily guessed and reused passwords. Every time a password manager generates a password that isn't compatible with a website, a person not only has a bad experience but a reason to be tempted to create their password. Compiling password rule quirks helps fewer people run into issues like these while also documenting that a service's password policy is too restrictive for people using password managers, which may incentivize the services to change.
-
YouTubePluginReplacement.cpp: YouTube-specific code in WebKit
https://github.com/apple/password-manager-resources/blob/mai...
For being "quite obscure", I've at least heard of most of these sites before. Banks with "maxlength: 8", you love to see it.
Apple has a list of websites with quirks that don’t support its “generate strong passwords” feature even though there is HTML spec where you can specify the types of passwords you support.
- With Safari 15, it's now dead-easy to switch from LastPass to iCloud Keychain
-
Supreme Court, in a 6–2 ruling in Google v. Oracle, concludes that Google’s use of Java API was a fair use of that material
And JavaScript
-
security.txt
You might be thinking about:
https://github.com/apple/password-manager-resources
or the related:
https://github.com/w3c/webappsec-change-password-url
But mainly if you are responsible for a system and you're willing to do work to improve security your first focus should be "implement WebAuthn so my users can stop worrying about passwords entirely" not "I wonder if more complicated password handling would help somehow?"
pass-import
- End of Life for Twilio Authy Desktop App
-
Command Line Interface Guidelines
That way you can delegate the password handling to another program, e.g. a password manager like pass(1) (https://www.passwordstore.org/) or some interactive graphical prompt.
-
Passit: Open-Source Password Manager
I want to move to something compatible with https://www.passwordstore.org/ - an open standard for keeping your passwords in a folder encrypted with OpenPGP.
The problem is that I'm nervous to give an unknown Android app and browser plugin total control of my passwords and access to my github account when I don't have time to review it's code properly. I have a bit more trust ing the command line tools, but I'd like to be sure that more people are looking at the code before I trust my life to it.
-
Ask HN: Best Password Manager without cloud login?
> Create a system or pattern based on url or brand and mentally hash it into a password.
Doesn't sound very secure. Also when you realize that you anyway have to trust cryptography, I believe it starts making a lot of sense to have an actual cryptographic key and encrypt it with one good random password you learn by heart.
I use pass https://www.passwordstore.org/, which encrypts my passwords with my GPG key, which comes from my Yubikey, which I unlock with a password. That means that I only need to remember one password, and it feels a lot more secure than your pattern based on url or brand.
-
Do you trust password mangers?
i use pass and keep my database on a local git repo. it encrypts your passwords with gpg and is a really simple command line program
- Comment gérez-vous vos mots de passe ?
-
Bitwarden Broken in Linux
0. Pass is just text files encrypted with gpg. I needed just one password on one work computer, where I had my gpg key, but not all my passwords. Decrypted the file and that was it.
1. There are plugins and web clients: https://www.passwordstore.org/#extensions
Why not use some better and entirely open solution, like pass?
https://www.passwordstore.org/
As a user of pass for like 4 years, I enjoy reading all those silly threads on password managers doing this and that. Fantastic. And it’s not even an upgrade to use the GUI app here, I can take any often used password of mine with pure Ctrl + R in my terminal, just a second and it’s here, with no need to do extra backups, all the history is in git, and no party will ever change anything about my passwords.
-
Bitwarden Adds Support for Passkeys
I've been incredibly happy with https://www.passwordstore.org/ for years. The data store is a file hierarchy, with the files themselves encrypted with GPG. Sync is via git. TOTP support with a plugin.
What are some alternatives?
vaultwarden - Unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs
gopass - The slightly more awesome standard unix password manager for teams
Bitwarden - The core infrastructure backend (API, database, Docker, etc).
rofi-pass - rofi frontend for pass
Pass4Win - Windows version of Pass (http://www.passwordstore.org/)
KeeWeb - Free cross-platform password manager compatible with KeePass
keepassxc - KeePassXC is a cross-platform community-driven port of the Windows application “Keepass Password Safe”.
ffpass - Import and Export passwords for Firefox Quantum 🔑
Aegis - A free, secure and open source app for Android to manage your 2-step verification tokens.
Mailspring-Libre - (archived) Mailspring Libre build – aiming at removing Mailspring's dependecy on a central server
syncthing-android - Wrapper of syncthing for Android.
ueberzug - ueberzug is a command line util which allows to display images in combination with X11. The user is expected to have knowledge of theoretical computer science. https://github.com/seebye/ueberzug/wiki/Troubleshooting/119e30f331799b30fb9594db29740685cb09425b