this post was submitted on 29 Jun 2025
50 points (94.6% liked)

Selfhosted

48773 readers
1508 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
50
Reevaluating my password management (sh.itjust.works)
submitted 17 hours ago by [email protected] to c/[email protected]
46 comments fedilink hide all child comments
 

It never made sense to me to put password managers in the cloud. Regards to what you intend it to do, you’re making it accessible to a wider audience than necessary. And yet, I’m using iCloud. It’s time for a change.

I’m thinking of just running a locally hosted password manager on my home server and letting my devices sync with it somehow when I’m at home. I have a VPN into my home network when I’m away that automatically triggers when I leave the house, so even that’s not that big an issue, but I’m really not familiar with what’s gonna cleanly integrate with all my stuff and be easy to use. All I know is I wanna kill the cloud functionality of my setup.

I already have a jellyfish server so I figured I would just throw this onto that. Any suggestions?

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] -1 points 13 hours ago (1 children)

It's strange how I never see this mentioned anywhere, but there's a way to get unique secure passwords for every site/app without needing to store them anywhere. It's called LessPass, and essentially generates passwords based on 3 fields (site, username, master password) and works relatively well, because the advantages are quite obvious I'll list the potential downsides:

  • If one password is compromised or needs changing for whatever reason you need to increase a counter and need to remember which counter for which site (this is less problematic than it sounds, except in places that have a password policy that forces you to change your password periodically)
  • Android can store the master password and use fingerprint to input it, but in PC you always have to type your master password which can get annoying.
  • You need to change your passwords to this new format, which can take a while, and years down the line you're trying to login somewhere and don't remember if you've already migrated it or not.
[–] [email protected] 4 points 12 hours ago (1 children)

You also have to keep track the site and how you spell it. For example is it "Microsoft" or "microsoft"?

And keep track of the current name of the site vs the old name. For example am I signing into Microsoft or Live.com or Xbox?

And keep track of my username. Is it my email? Which email? Which username?

I understand the concept but I think if falls apart fast.

[–] [email protected] -1 points 12 hours ago (2 children)

Yup, but most of that is easily solvable by being consistent, e.g. always use lowercase and your email (even if it's not the login for that site). But yes, you need to know to be consistent so it's a good point to make.

[–] [email protected] 1 points 6 hours ago

Hahaha, that's the point of a password manager. If remembering worked, we wouldn't need any of this.

Also, I have 300+ unique logins.

[–] [email protected] 1 points 7 hours ago (1 children)

I have more than 120 electronic identities, impossible to track the counter or to remember the tld of all websites I visit.

The concepts is only useful in a very small and defined scenario.

[–] [email protected] 1 points 6 hours ago

My point is that of those 120 probably 110 have never been compromised nor forced you to change the password due to expiration policies. The remaining 10 are the ones that require some mental gymnastics, so while the problem exists it's not as serious as it sounds. I probably have more than 120 identities using this method since I've been using it for years, and I don't think I ever had to use the counter, it's a matter of being consistent in how you think about websites, for example if you know how you refer to a site slugify it and use that for the field, so you would use spotify, netflix, amazon-prime.