Hi friends,
I'm using on my Linux laptop, Linux workstation and Android phone, the same open source password managers: UPM synchronized via a own database file.

I have several sensitive information in to it, and I often wonder if it's safe, since I don't know the java code below...

What do you think about this?

Many thanks!

I use LastPass. First, they treat Linux as a first class citizen. Second, they were tested by being actually being hacked multiple times, and customer's actual passwords were never taken because they followed secure practices. You can't ask for a better audit then that.

Hi, couple of recommendations:

1. Former question on the topic with a few recommendations
2. Consider placing a technical question into a more technical forum, this one generally is for non-technical questions and topics vary greatly I'd recommend Linux->General or Linux->Software. You can ask a mod to move it if you like by using the Report button. Might give your thread a bit more exposure for additional answers.
3. I recall there was a far older (couple of years) thread on this subject too.

Enjoy!

nice, but why put them on the cloud at all?


is anybody else using this UPM? Opinions?
looks very similar to keepassx, which i'm using.

For the same reason I put my money in banks instead of under the bed.

EDIT: okay, less snarky answer.

I think that this forum's distrust of clouds is similar to why people feel more secure in cars than in airplanes. Cars are objectively much more dangerous, but airplanes take away your control and put you in someone else's hands. Similarly, I can see why a forum full of Linux users (of all people) would want their important data in places that are controlled, exclusively, by themselves.

I consider this to be more or less unfounded. Plus, for access on more than one device, you need to put your passwords online somewhere. If you don't want to use something that's been set up for you, then you need to set it up yourself. Well, am I going to end up with something more secure if I do it myself, or if I hire (yes, hire; I pay LastPass) professional experts who do it for their livelihood?

Another lastpass user. It's extremely convenient since when I reimage, all I need to do is reinstall the plugin and all my passwords are back on the machine. The passwords aren't stored locally and so can't be hacked if my laptop is stolen (unless they hack my password for lastpass). And lastpass has been hacked several times, and no customer data has ever been lost, which makes me confident in their ability to keep my data without it being lost.

I used to use keepassx v2, which is very good (and I still have my password file on my backup drive in case I need it for something) and I used the dropbox application to keep my password file sync'd between machines much like UPM does (from what I read on their site).

I've never used UPM, so can't comment.

maybe snarky, but you put it well (and thanks for the explanation).

your explanation is the reason why i use (and pay) external mail services instead of running my own mail server, but surely a single password file for a single user is an infinitely simpler situation?

still i don't see why the solution outlined e.g. in the previous post would be less secure (esp. since you yourself admitted that lastpass have been hacked, but their password files were secure enough to withstand)?
less convenient, definitely (esp. browser integration sounds very tempting).
i guess it comes down to how safe the password databases themselves are; the rest is convenience.

and yes, sometimes i am the put-your-money-under-the-bed type; but i don't make a religion out of it.