
I've been using KeePassXC on desktop and KeePassDX on Android, synchronized via Syncthing, and it's good, but the thing that makes me squeamish about all password managers is that you're just one software update away from malicious code which uploads all your passwords next time you unlock.


The Hackaday community's Mooltipass kind of solves this: it puts passwords on an external device with a smartcard. The OS never accesses the whole breadth of it, just what's exposed by the hardware.

I think that's the right approach, but I'm not sure I like the hardware. Something I was thinking about was using a Pi Zero in a small box that just does something like emulate a keyboard for password-pushing. Give it a small screen and small keyboard for UI.


I have also been using the KeePassXC/Syncthing combo and it works very well, except for iOS which does not have a decent Syncthing client.

This means I have to rely on SMB + VPN to get access to my up-to-date KeePass database, which is more trouble than I'd like.


I think this can be easily solved using process/app isolation, i.e. KeePassXC doesn't need network connectivity.



