Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Don't use anything that runs in the DMZ (browser), if you care about your secrets.

I use keepassx, which requires manual search, copy, paste but it can store its vault on a cloud drive, mobile etc. and can have a key file or password.



Worth mentioning that one of the major benefits of Keepass is that it is open source. Many of the other providers mentioned here are not.


What do you mean? Autotype is available in KeepassX.


Autotype is a bit risky because it assumes you've got the correct window/element focused. All it takes to expose your passwords is for a pop-up (e.g. instant message) to appear at the right moment.

Even if you don't hit the enter key/submit the form it is still possible for that incorrect window/app to grab your keystrokes.


I had this once, "auto typed" a password into a messenger window. So be careful it can happen at any time. Better use Ctrl+C and Ctrl+V.




Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: