urn:uuid:955ed151-8a26-5025-b75b-b761ec470949 Topic: Authentication and Passwords – Ctrl blog Daniel Aleksandersen https://www.daniel.priv.no/ Copyright © 2021 Daniel Aleksandersen. https://www.ctrl.blog/assets/favicon/favicon.svg 2021-05-24T10:34:00Z weekly 10 urn:uuid:a4b9a7aa-ef70-4671-881b-a744ae0715a8 2021-05-24T10:34:00Z 2021-05-24T10:34:00Z Why KeePass instead of self-hosting Bitwarden Deciding between self-hosting a Bitwarden server or KeePass/KeePassXC as your password manager? The decision comes down to security, complexity, and backups. <p>Here’s why I decided to move my passwords to a KeePass database file instead of using Bitwarden with a self-hosted server. It comes down to keeping my passwords out of the browser, and my setup simple and manageable.</p> <p><a href="https://www.ctrl.blog/entry/keepass-vs-bitwarden-server.html#src=feed">Read more …</a></p> urn:uuid:30538782-c9dd-44a6-9818-157aeeefcea4 2021-05-14T10:11:00Z 2021-05-14T10:11:00Z Your clipboard is only as secure as your device A review/critique of the complexity, security, and unpredictable user experience of modern feature-laden copy–paste clipboards in today’s operating systems. <p>The system clipboard is part of every modern operating system. It lets us copy and paste text, images, files, and data between different applications. Like everything else these days, it’s increasingly getting tied up with other people’s servers (“the cloud.”) So, what does that mean for your clipboard privacy?</p> <p><a href="https://www.ctrl.blog/entry/clipboard-security.html#src=feed">Read more …</a></p> urn:uuid:9a53d927-a9c7-49f4-a79a-6b6e6f14a798 2021-02-23T19:42:00Z 2021-02-23T19:42:00Z Be wary of file sync conflicts with KeePass apps on Android An investigation and comparison into how KeePass-compatible password manager apps for Android handle external changes to an unlocked password vault database. <p>KeePass is a tried and tested open-source encrypted password manager available for Windows. You can also use one of the many forks for Android, iOS, Linux, macOS, and other operating systems. KeePass has created the defacto standard for encrypted password vault/database files (<code>.kdbx</code>). Syncing the vault files between your computers and Android can cause problems with some KeePass apps, however.</p> <p><a href="https://www.ctrl.blog/entry/keepass-file-conflicts-android.html#src=feed">Read more …</a></p> urn:uuid:d4ba67d5-78b1-45a3-ad80-958a43835501 2020-02-17T19:25:00Z 2020-02-17T19:25:00Z How to back up your password manager Plan for the day your password manager stops working. Even if it’s a cloud service! Backing up your password manager is harder that it sounds. <p>Password managers aren’t infallible. They suffer service outages like every other service. Yet, password managers ask their customers to trust them completely. They’re a single point of failure and are difficult to back up.</p> <p><a href="https://www.ctrl.blog/entry/password-manager-backup.html#src=feed">Read more …</a></p> urn:uuid:eca10cee-3e37-4876-956e-4942ae01b38c 2019-07-07T01:08:00Z 2019-08-04T21:15:00Z Feitian MultiPass recall highlights need to use multiple security keys The recall of the Feitian MultiPass FIDO security key demonstrates why you always should use multiple security key products from different vendors. <p>You may remember that I picked up a couple of different security keys last year and wrote about Firefox, Security Keys, U2F, and Google Advanced Protection. One of the keys that I got, the Feitian MultiPass FIDO Security Key, was recalled in May 2019 over a security issue.</p> <p><a href="https://www.ctrl.blog/entry/feitian-multipass-recall.html#src=feed">Read more …</a></p>