Welcome to the droidymcdroidface-iest, Lemmyest (Lemmiest), test, bestest, phoniest, pluckiest, snarkiest, and spiciest Android community on Lemmy (Do not respond)! Here you can participate in amazing discussions and events relating to all things Android.
The rules for posting and commenting, besides the rules defined here for lemmy.world, are as follows:
1. All posts must be relevant to Android devices/operating system.
2. Posts cannot be illegal or NSFW material.
3. No spam, self promotion, or upvote farming. Sources engaging in these behavior will be added to the Blacklist.
4. Non-whitelisted bots will be banned.
5. Engage respectfully: Harassment, flamebaiting, bad faith engagement, or agenda posting will result in your posts being removed. Excessive violations will result in temporary or permanent ban, depending on severity.
6. Memes are not allowed to be posts, but are allowed in the comments.
7. Posts from clickbait sources are heavily discouraged. Please de-clickbait titles if it needs to be submitted.
8. Submission statements of any length composed of your own thoughts inside the post text field are mandatory for any microblog posts, and are optional but recommended for article/image/video posts.
Community Resources:
We are Android girls*,
In our Lemmy.world.
The back is plastic,
It's fantastic.
*Well, not just girls: people of all gender identities are welcomed here.
Our Partner Communities:
KeePassX(C?) both on Windows and Linux. I used the windows version KeePass2 but there was a recent security vulnerability in it so I switched to KeePassX. Maybe it's already patched... auto-type doesn't seem to work in KeePassX on Windows so I might switch back but it's not that critical.
I personally use pass, which uses gpg for encryption and can also use git repositories (I use it with my personal gitea instance).
Keepass with syncthing is GOAT
I would love to use one, but to be honest, I have not found one that I trust, so far.
The perfect "password manager" would require 2FA, has some kind of "online backup" (cloud) that I can host myself and has to be open source. So far nothing really seems to offer all this.
Keepass with key file. I synchronise only the database with cloud servers while the key file stays on my devices and never gets synched. I think that's a good tradeoff for security and convenience.
I use pass which is a frontend for GnuPG. It's sort of primitive and I had to write user interface for it but it's super flexible. Since every password is saved in encrypted file syncing is easy and we use Git to share company passwords amongst ourselves.
It's kinda ridiculous that no one made better system for credentials, soma of requirements policies are ridiculous.
I would never use cloud services if not hosted on my server.
Keepass with custom sync is best option.
Password managers are a great tool for digital hygiene. The main way an average Joe gets his accounts taken over is because it reused the same user and password combination.
I just use the chrome password manager, works great and seamlessly transitions from Android to desktop. I used to use KeePass, but the convenience of the built in tools in chrome just works really well, especially after moving over from iOS.
I recommend one. Try to get one without a subscription. I bought the pro version of Enpass before they put up a subscription wall, and I've been riding that one ever since.
I have proton subscription for mail, vpn the works. Just switched to Proton Pass and very happy. Auto creates alias emails on signups so my real email is not out there.
Is it bad that I just love built-in Chrome/Google auto-fill manager? Is this not safe? Autosync to Android does it for me + the fact that i can auto-generate and save/fill passwords seamlessly without having to switch between apps
I use bit warden and I love it. And yes, I would recommend using a password locker. Just make sure you do some research before selecting one.
I just use the Google password manager so i don't have to put everything in every time i log into an app or a website
I dont use password managers.
I just use a set of random words + random numbers, usually something related to the website, the time period (like major global events), maybe just the mood I'm in when I created the password.
Example: For Lemmy, I might use IslandMazeMouse0216 (I do not use the password btw, never used this before and now never will, don't try hacking me lol)
"Island" because the fediverse is like a bunch of islands, that formed together into one fediverse, "Maze" because this shit is confusing, and "Mouse" because the Lemmy logo looks like a mouse, 0216 because of June 12, the day the protest began, 0612, but reversed, but not reversing the 0, so 0 216.
Now I feel dumb for explaining, but also want to hear opinions.
But you see, it doesn't matter. Most websites have login limits so you can't really brute force the password. I just hate "password managers", if I were getting old, I'll probably just put my passwords inside a Standard Notes note, or just put it in a txt and use 7Z AES256 and upload it to a few cloud services.
For offline passwords, like a Windows Veracrypt encryption password, I use 5-8 random words with 5-7 random numbers and increasing the PIM.
For mobile, I use like 16-25 digits numerical pin, alphanumeric passwords are just too hard to type. I've been experimenting with long alphanumeric password + biometric, or a pin, and honestly idk which is better. I don't want someone accessing my phone while I'm sleeping, I might forget to turn off biometrics before I sleep.
I'm not gonna encourage everyone to do what I do, I am not a security expert, just some dude on the internet, but I just want to share how I deal with passwords. Feel free to criticize any flaws. 😅
I use the paid version of bitwarden and would recommend it to anyone who can afford the subscription and two yubikeys.
I would not recommend cloud based password manager. We all know what happened to LastPass. But locally encrypted ones are great. I love to use KeePassXC.
Loving vaultwarden. Easy to share with family for passwords, great browser extension.
Yes, and Bitwarden. Strong master password, with 2FA, and randomly generated passwords for the rest. For deeply personal apps such as banking I do have another localized system though. I moved on from LastPass and never looked back.
Does anyone have recommendation for a password manager that works well on both mobile and desktop? I browse with Firefox and while Lockwise is integrated into Firefox now and works fine on desktop, it's kind of 'eh on mobile in my opinion. It "works" but I find it to be fairly clunky and a lot of the time I need to open the Firefox app and just find the password in there and paste it in.
Does any other application work better for transferring passwords made on desktop to mobile more seamlessly? Looking for better detection of the user/pass via app or website.
I use Bitwarden. Works pretty good on mobile, or at least they don't gate their mobile autofill functionality behind a paywall like LastPass did. It does a great job of recognizing password fill fields for like 95% of the apps I regularly use.
Switched from LastPass to 1Password after their ridiculous security breaches and haven't looked back. 1Password also kindly gave me the first year free after sending them my LP invoice.