Just last week, I changed my personal password manager. It wasn’t a significant change in terms of workflow or effort of migration (KeePass to KeePassXC), but it was significant in that I’ve been sticking with one password manager for nearly 20 years, and finally decided to start using a new one.
What’s a password manager?
A password manager is a program (or browser plugin or built-in feature, or some other piece of software) which stores your passwords for you in an encrypted form so that they’re (hopefully) impossible to see without the right credentials.
In the bad old days before good password managers, people were expected either to simply remember their passwords, or they’d write them down on some piece of paper or in an unencrypted digital document; all of these solutions leave much to be desired for a number of reasons, generally boiling down to a lack of security.
Local vs Cloud Password Managers
Now why would I stick with KeePass for those nearly 20 years? Sure, it’s been actively developed and updated over that time, but there have also been other password managers which achieved great popularity over that same time span. For instance, I’ve used LastPass at a previous job, and currently use Bitwarden as my work password manager. The main reason is that I prefer KeePass’s security model.
Many other password managers also handle synchronizing your data between devices. KeePass, however, just stores your password database as a file. The former is more convenient, but it also requires more trust than the latter. If one product handles both encryption and synchronization, I need to be sure that I trust it to keep the data securely encrypted both in transit and on its machines. With a password manager that doesn’t handle synchronization, I only need to trust that whatever is saved to disk is encrypted; I don’t need to trust whatever service I use to synchronize the file between devices, and I can still feel fairly secure even if I believe that service to be actively hostile.
This might seem overly paranoid, but LastPass recently suffered a breach in which hackers managed to extract data stored in vaults. They didn’t get the passwords themselves (since those were encrypted separately), but they did get URLs and notes, which a user could, and I’d argue should, reasonably expect to have the same level of security as the passwords. In some cases these notes are just as sensitive as a password (or are practically an extension of it), so they deserve the same protection.
In my view, the best way to guarantee that you aren’t using a service where an employee can be tricked or enticed into giving your private data to somebody hostile to you is to use the technology at your disposal to ensure that no such employee could obtain the private data in the first place.
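To make the trust boundary from the last three paragraphs concrete, here is an added Python example (not code from this post, and not the KeePass or KDBX file format; everything in it is constructed for illustration). It assumes hashlib.scrypt as a stand-in for the password KDF and a standard-library-only HMAC-SHA256 keystream with encrypt-then-MAC as a stand-in for the cipher, and compares two vault layouts: one that encrypts only the password field, which is the failure mode of the breach described above, and one that puts every field inside the encrypted envelope. The `leaked_fields` check plays the role of a sync service or attacker who holds the file but not the master password.

```python
"""Toy illustration of the trust boundary: a vault file that a sync service
may see.  Constructed example; NOT the KeePass/KDBX format.  The KDF is
hashlib.scrypt (KeePass uses Argon2 or AES-KDF) and the cipher is an
HMAC-SHA256 keystream with encrypt-then-MAC, chosen only because it needs
nothing outside the standard library."""
import hashlib
import hmac
import json
import secrets

# Constructed sample vault contents (not real credentials).
SAMPLE_ENTRIES = [
    {"title": "bank account", "url": "https://bank.example/login",
     "username": "alice.example", "password": "correct horse battery staple",
     "notes": "security question answer: tuna casserole"},
]


def derive_keys(master_password: str, salt: bytes) -> tuple:
    """Stretch the master password into separate encryption and MAC keys."""
    km = hashlib.scrypt(master_password.encode("utf-8"), salt=salt,
                        n=2 ** 14, r=8, p=1, dklen=64)
    return km[:32], km[32:]


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """PRF-in-counter-mode keystream built from HMAC-SHA256."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def seal(master_password: str, plaintext: bytes) -> bytes:
    """Return salt || nonce || ciphertext || tag (encrypt-then-MAC)."""
    salt, nonce = secrets.token_bytes(16), secrets.token_bytes(16)
    enc_key, mac_key = derive_keys(master_password, salt)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    return salt + nonce + ct + tag


def unseal(master_password: str, blob: bytes) -> bytes:
    """Verify the tag before decrypting; a wrong master password or a
    tampered file is rejected here without releasing any plaintext."""
    salt, nonce, ct, tag = blob[:16], blob[16:32], blob[32:-32], blob[-32:]
    enc_key, mac_key = derive_keys(master_password, salt)
    expected = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("authentication failed: wrong master password or tampered file")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


def save_password_only(entries, master_password: str) -> bytes:
    """Weak layout: only the password field is encrypted; URLs and notes sit in clear."""
    records = []
    for e in entries:
        r = dict(e)
        r["password"] = seal(master_password, e["password"].encode("utf-8")).hex()
        records.append(r)
    return json.dumps(records).encode("utf-8")


def save_whole_vault(entries, master_password: str) -> bytes:
    """The layout argued for above: every field is inside the encrypted envelope."""
    return seal(master_password, json.dumps(entries).encode("utf-8"))


def load_whole_vault(blob: bytes, master_password: str):
    """Open a whole-vault file; raises ValueError on the wrong master password."""
    return json.loads(unseal(master_password, blob).decode("utf-8"))


def leaked_fields(blob: bytes, entries) -> set:
    """What a party holding only the file (no master password) can read:
    every field whose plaintext value appears verbatim in the stored bytes."""
    return {k for e in entries for k, v in e.items() if v.encode("utf-8") in blob}


if __name__ == "__main__":
    master = "example master password"  # constructed
    only = save_password_only(SAMPLE_ENTRIES, master)
    whole = save_whole_vault(SAMPLE_ENTRIES, master)
    print("password-only layout leaks:", sorted(leaked_fields(only, SAMPLE_ENTRIES)))
    print("whole-vault layout leaks:  ", sorted(leaked_fields(whole, SAMPLE_ENTRIES)))
```

Run as a script, the first layout reports title, url, username and notes readable straight out of the file, while the second reports nothing, which is exactly the property that lets a hostile sync service be tolerated. The tag check in `unseal` runs before any decryption, so a wrong master password or a modified file is refused outright. A real product should use a vetted authenticated cipher (AES-GCM or ChaCha20-Poly1305) and a memory-hard KDF such as Argon2 rather than this standard-library stand-in; the layout lesson is the same either way.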
KeePass vs KeePassXC
A year or so ago, I got a new laptop which came with Windows 11. I very quickly discovered that it was extremely pushy about getting me to tie a Microsoft web account to that computer. I managed to get the computer set up without doing so, but it required both driving out of range of my home’s WiFi (since I had made the mistake of trusting Windows 11 enough to allow it to connect to the Internet during setup) and looking up an unintuitive and undiscoverable process to avoid this anti-feature.
In the time since, I’ve heard plenty more bad news about Windows 11. And with end of life for Windows 10 coming up, I’m preparing to switch away from the Microsoft ecosystem for my personal computers. For a while now, I’ve mostly been using Mac or Linux OSs for work, and have gotten more comfortable in that ecosystem (Mac isn’t Linux, but if you’re on the command line there’s a lot of similarity). And with Valve’s Proton building on top of Wine, my main barrier to the Windows to Linux migration is crumbling.
Unfortunately, KeePass is a Windows-first application; it’s built on the .NET Framework and can be run under Linux via Mono, but I wanted to at least try out an alternative that specifically targets Linux in addition to Windows. KeePassXC works pretty much the same as KeePass, even working with the same file format, but there are a few things that I like about it more than KeePass.
First, it has a dark mode UI by default. This might seem like a small thing, but when basically everything else on my screen is dark, having a large white rectangle is jarring and, at times, painful.
Second, it has its own browser integration. With KeePass, you would have to install a third-party plugin to let the database communicate with a browser, and a third-party browser add-on (which, incidentally, recently started offering its own paid service). Just installing the KeePassXC-Browser add-on, changing an easy-to-find setting in the application, and linking the two together was pretty easy, comparatively speaking.
My Recommendations
Overall, I’m loving KeePassXC. KeePass is also very solid, and if it suits your needs I still wholeheartedly recommend it. With either of these, any sort of file syncing service will do fine; Dropbox, Google Drive, or Microsoft OneDrive, for instance.
If you do want a solution that handles both password storage and syncing, I’d recommend Bitwarden; they have applications for every platform, promise end-to-end encryption, and have opened their source code for inspection, which is generally a good sign for security software. This isn’t a recommendation against other services, but I don’t know enough about those to speak on them.