Poi c’è https://lesspass.com/ che non ha bisogno di sincronia perché si basa su parametri conosciuti solo da te e quindi inserisce la password giusta anche se non ha database. Vedi qui per più info:
https://blog.lesspass.com/lesspass-how-it-works-dde742dd18a4#.vbgschksh
P.s. non l’ho mai provato
You can also check lesspass(https://lesspass.com).
It's a password manager that doesn't require any database or synchronization. Username, website and master password together are used as entropy for a 'deterministic random function' that always generates the same password for you.
I really like LessPass.
It is kind of a unique concept where it generates your passwords from the site, username and a master password. This way you don't have to trust any server, it doesn't even have store any information locally.
If you want to selfhost passwords but don't trust yourself, you might be interested in LessPass. I haven't run it yet, but it's on my list of things to investigate. The idea is great, just not sure how the implementation will be. :-)
my opinion, the safest place to keep the password is your head. with help of some algs you can keep passwords complex, try https://lesspass.com there is addon for firefox. its anoying to write into fields every time before login, but its safer than keeping it in the browser for other people to see.
A new hard drive is overkill. As long as you have formatted the drive, there should be no remaining traces of the virus.
As long as your personal files are still intact (meaning you can still open/view them), then they should be fine. As long as you are just transferring pictures, videos, and audio (no executable files) you should be fine.
That would depend. Does your browser automatically save your passwords? If so, then I would strongly suggest changing your passwords. It would be a great time to get a password manager set up, such as BitWarden or LessPass as well.
Before you format though, I would recommend running TronScript at least once. This program will run a few different Virus Scanners and may be able to remove the virus. This way, you will not need to reformat your drive (if it is able to find it). Otherwise, you can format anyway.
It looks like a self-hosted instance but this does bring up a good point, Bitwarden needs a way to separate itself from the self-hosted versions.
We need a proprietary check like what Lesspass does when entering your master password. It shows you symbols to let you know you enter it correctly. This of course will need to be not open-sourced.
You can use lessPass. It does not require any backup or synchronization. You have to remember just one strong master password and it automatically derives the password for each web site.
It's LessPass, not LastPass https://lesspass.com
It's a self-hosted, stateless alternative to password managers- simple concept, but nicely executed. Up to you on weather you trust the hashing algorithm though.
​
But StartPage on the other hand probably should not be in the list. Your right, will PR to get it removed tonight.
You can't really do what you're asking without some private key as you're outlining in A. You've identified the two steps that are necessary: a secure hash function and a reduction function that translates your pseudorandomness into something acceptable to the service you're creating a password for. If you're googling for something that fits your requirements, the phrase you're looking for is "stateless password manager," it is quite likely that any of the first few results will fit your needs.
I'll give it a shot when I have a chance. I do remember an issue last time I tried it, but switching browsers got me through the registration process glitch. Once I got an account registered, it worked ok. Meanwhile, while this isn't exactly a password manager, maybe worth a look for you: https://lesspass.com
Je saute sur ce commentaire pour mentionner LessPass, que j'ai découvert dans le mercredi tech il y a quelque temps. C'est pas un gestionnaire de mots de passe mais un générateur, qui utilise l'adresse du site, le nom d'utilisateur/email et un mot de passe maitre pour générer un mot de passe selon les critères spécifiés (chiffres/majuscules/caractères spéciaux/longueur). Et du coup ca ne stocke rien nulle part. Quand tu veux te connecter, tu dégaines l'appli ou l'extension navigateur, voire directement le site web, et tu re-génères ton mot de passe. Faut juste te rappeler de ton mot de passe maître, et accessoirement de ton login si tu n'utilises pas le même partout.
Après ça marche pas pour stocker des infos types adresses de livraison ou carte bancaire, mais je trouve l'idée vraiment pas mal pour réduire la réutilisation de mots de passe sans trop se compliquer la vie et surtout qui marche sur n'importe quel appareil sans avoir besoin de faire de synchronisation.
I've heard great things about so called 'deterministic' password managers. If you don't want to sync in the cloud, they are handy for that, although they do have drawbacks, as described here:
https://tonyarcieri.com/4-fatal-flaws-in-deterministic-password-managers
Two managers you should research:
Yes, but MasterPassword and LessPass don't store. It's a cryptographic generator. I think at one point Edward Snowden recommended it. PrivacyTools.io recommends them.
Has anyone used lesspass.com? It calls itself a stateless password manager. I would like to know what that means. However, going through its website, I think it "calculates" your password based on the site you use and you have a master password to do the calculation. Its open source.
use this: https://lesspass.com/#/
it helps you generate unique passwords by using the link of the site, your login and a master pass of your choosing.
The extension grabs all that info and you just input the master pass and press generate.
People that like this concept should also check out https://lesspass.com Been using it for a while and it's great. It only (optionally) syncs your config. So you won't have to remember your counter state.
I tried the whole keepass thing. I found it stupid to have to memorize my master password AND my dropbox password (for syncing the password file)
https://lesspass.com/#/ seems promising. Maintained by 2 people, but it's a lot less ambitious than bitwarden because they are just using javascript frameworks, whereas bitwarden has native code for every different platform (how could one guy really maintain that?)
I would recommend checking out LessPass. It derives a password for each site based on the URL, your username and a master password. It doesn't store your passwords at all. It just regenerates the them every time you need to access them. You don't need to worry about syncing your passwords, and you don't need to install a client to access your passwords. Because it's all open-source, you can host it yourself if you don't trust the author or are worried about the site not existing in the future.
A pure function taking a secret and a domain as input and returning a password as output is exactly the idea behind https://lesspass.com and similar services.
These services have the advantage of using a pure function that's very computability expensive (search pbkdf2 or key stretching) compared to swapping a couple of letters making it much harder to deduce the function without knowing the input secret.
As an alternative to something like LastPass, I would suggest checking out LessPass. It doesn't actually store any of your passwords. Instead, it derives a password for each site from your login and a master password. You can configure which characters it uses to generate each password, and you can increment a counter to get new passwords for each site. Those settings are the only thing stored on their servers.
As someone who HATES storing passwords, I use LessPass, which recalculates your passwords based on the information you give it, instead of storing them.
This also means you can access your passwords anywhere, with no hassle.