Selfhosted

48773 readers

1527 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
No trolling.

Resources:

selfh.st Newsletter and index of selfhosted software and apps
awesome-selfhosted software
awesome-sysadmin resources
Self-Hosted Podcast from Jupiter Broadcasting

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago

MODERATORS

[email protected]

Reevaluating my password management (sh.itjust.works)

submitted 19 hours ago by [email protected] to c/[email protected]

49 comments fedilink hide all child comments

It never made sense to me to put password managers in the cloud. Regards to what you intend it to do, you’re making it accessible to a wider audience than necessary. And yet, I’m using iCloud. It’s time for a change.

I’m thinking of just running a locally hosted password manager on my home server and letting my devices sync with it somehow when I’m at home. I have a VPN into my home network when I’m away that automatically triggers when I leave the house, so even that’s not that big an issue, but I’m really not familiar with what’s gonna cleanly integrate with all my stuff and be easy to use. All I know is I wanna kill the cloud functionality of my setup.

I already have a jellyfish server so I figured I would just throw this onto that. Any suggestions?

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 4 points 14 hours ago (1 children)

You also have to keep track the site and how you spell it. For example is it "Microsoft" or "microsoft"?

And keep track of the current name of the site vs the old name. For example am I signing into Microsoft or Live.com or Xbox?

And keep track of my username. Is it my email? Which email? Which username?

I understand the concept but I think if falls apart fast.

[–] [email protected] -1 points 13 hours ago (2 children)

Yup, but most of that is easily solvable by being consistent, e.g. always use lowercase and your email (even if it's not the login for that site). But yes, you need to know to be consistent so it's a good point to make.

[–] [email protected] 2 points 8 hours ago

Hahaha, that's the point of a password manager. If remembering worked, we wouldn't need any of this.

Also, I have 300+ unique logins.

[–] [email protected] 2 points 9 hours ago (1 children)

I have more than 120 electronic identities, impossible to track the counter or to remember the tld of all websites I visit.

The concepts is only useful in a very small and defined scenario.

[–] [email protected] 1 points 8 hours ago

My point is that of those 120 probably 110 have never been compromised nor forced you to change the password due to expiration policies. The remaining 10 are the ones that require some mental gymnastics, so while the problem exists it's not as serious as it sounds. I probably have more than 120 identities using this method since I've been using it for years, and I don't think I ever had to use the counter, it's a matter of being consistent in how you think about websites, for example if you know how you refer to a site slugify it and use that for the field, so you would use spotify, netflix, amazon-prime.