
Password Management

The virtue of being forgetful

I suck at passwords. To be fair, so does everyone else. Everyone else being bad at passwords doesn’t help me, though. It only increases my awareness every time I hear about the latest data-breach, password leak, or programming error.

The thing is, I know what I should be doing, but the one-two punch of laziness and procrastination constantly seem to beat me into submission.

xkcd: Password Strength
Relevant xkcd. Yes, I know it’s old. Yes, it’s still perfectly valid: math is math.

I know I should be:

The problem is that doing those things is hard. I rely on muscle-memory helping me with passwords that I have to use multiple times every day. I have trouble remembering my anniversary date, much less the complex password for a website I log into once per quarter (October 25th in case my wife is reading). I can measure some of my password ages in years.

Password Reuse
An even scarier relevant xkcd

Sure, I can abuse the “Forgot Password?” button on any of the myriad of sites I might visit and forget about, but that wreaks havoc when I have accounts tied to apps. Particularly mobile/phone apps.

Luckily, there is a solution.

Password Managers

I avoided using a password manager for a long time. I’m not really sure why. Partially out of paranoia and FUD, and probably a bit of worry in giving up control over so many logins. The trick was to realize that I’d be able to replace all of my usernames+passwords with a single master password.

I had a couple of convenience factors that I needed to be available before I could make the switch, though:

There are several well-regarded options for password managers out there, including popular ones like LastPass and 1Password, but they’re not Free Software.

KeePassXC

KeePassXC Logo

After a bit of digging I finally heard enough good comments about KeePassXC that I figured it was worth a shot. After about two months of using it, my main thought is: why on earth did I wait so long to do this?

The project is Free Software (GPL) and was forked from KeePassX due to stalled response from its single maintainer.

It keeps your passwords in a local encrypted file (AES, Twofish, ChaCha20). They’ve got clients for all the major OS and there’s an iOS app (MiniKeePass (iTunes), also GPL). There’s also a browser extension that communicates with the client allowing access to passwords right in the browser, securely. If the URL is listed with my database entry, it prompts to fill in the username/password for me when I visit the site.

It’s now trivially easy for me to make all of my passwords quite complex (or at least with a nice high entropy of 90 bits or more). If I’m really concerned about possibly having to manually enter the password somewhere else, I can make arbitrarily long and random passphrases as well (e.g., cold riverbank outcome shrubbery display stoplight upfront).
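To show the arithmetic behind the 90-bit figure and the xkcd comparison, here is an added example (my own code, not from the post or the KeePassXC project) that computes the entropy of both styles of secret and generates each with the `secrets` module; the 94-symbol printable character set, the 7776-word diceware list size and the eight-word sample list are assumptions, not anything the post states.

```python
import math
import secrets
import string

# Constructed stand-in for a real diceware-style word list. A real list has
# about 7776 words; the list SIZE, not the words, is what sets the entropy.
WORDLIST = ["cold", "riverbank", "outcome", "shrubbery",
            "display", "stoplight", "upfront", "orbit"]

# Assumed character set for generated passwords: 26+26+10+32 = 94 symbols.
PRINTABLE = string.ascii_letters + string.digits + string.punctuation


def charset_entropy_bits(length, charset_size):
    """Entropy of `length` symbols drawn uniformly from `charset_size` choices."""
    return length * math.log2(charset_size)


def passphrase_entropy_bits(words, wordlist_size):
    """Entropy of `words` words drawn uniformly (with replacement) from a list."""
    return words * math.log2(wordlist_size)


def length_for_target(target_bits, alphabet_size):
    """Smallest number of symbols (or words) that reaches `target_bits`."""
    return math.ceil(target_bits / math.log2(alphabet_size))


def random_password(length, alphabet=PRINTABLE):
    """Uniformly random password; secrets.choice uses the OS CSPRNG."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def random_passphrase(words, wordlist=WORDLIST):
    """Uniformly random word passphrase, space separated like the post's example."""
    return " ".join(secrets.choice(wordlist) for _ in range(words))


if __name__ == "__main__":
    # The xkcd strip: four words from a ~2048-word list is 4 * 11 = 44 bits.
    print("xkcd four-word passphrase:", passphrase_entropy_bits(4, 2048), "bits")
    # Symbols needed to clear 90 bits with a 94-symbol character set.
    print("chars for 90 bits:", length_for_target(90, 94))
    # Words needed to clear 90 bits with a 7776-word diceware list.
    print("diceware words for 90 bits:", length_for_target(90, 7776))
    print("sample password:", random_password(14))
    print("sample passphrase:", random_passphrase(7))
```

The takeaway is that a six-word passphrase from a 7776-word list is about 77.5 bits, so reaching the post's 90-bit target by that route takes seven words, while 14 random printable characters already clear it.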

What’s great is that thanks to my new Nextcloud server, I keep the password file there to sync with all of my machines (even my iPhone). It’s also wild to see just how many logins/passwords you accumulate in your digital life (I’m up to about 65 unique entries at the moment - and most of those would have been variations or the same password not too long ago!).

KeePassXC Browser Integration

The most important part of making this a frictionless adoption is having integration with your browser. Luckily the KeePassXC team have created browser extensions for both Chrome and Firefox to make it trivially easy to use. With the extension installed you can just visit a site and if you have an entry for it in KeePassXC it will prompt you to automatically fill in the username and password.

There’s a Chrome extension as well as a Firefox extension available. They both allow for encrypted message passing between the browser and the KeePassXC application. This is similar to having the browser remember passwords for you, but with the benefit of being cross-browser compatible if you need that sort of thing, as well as allowing you to store arbitrary passwords for things not related to a web login.

The extension also offers to add usernames/passwords for you if it’s for a site that is not currently in the database, which is a nice touch.

Easy on the Brain

Ultimately what this means is that my cognitive load can be reduced by quite a bit. I only need to remember one good passphrase/password. In the case of my phone, I can even let biometrics manage that for me. All while my actual passwords can be much more complex and safer.

If you want to take a huge burden off your digital life while making your world more secure at the same time, I’d highly recommend checking out a password manager (seriously, KeePassXC has been great but go with whatever you’re comfortable with).

Addendum

It was pointed out to me after publishing this by @older@mastodon.host on Mastodon that KeePassXC is one of the tools that the EFF recommends for Surveillance Self Defense (this entire site is well worth a read).


Filed under: KeePassXC, password

Nextcloud

I finally got around to setting up my own Nextcloud!

I’ve been a file-syncing service user for a long time. There’s just so much convenience in services like Dropbox and Google Drive. File syncing and access across all of my computers and devices is awesome. The ability to automatically backup all of my phone photos to the account is also awesome.

However… Only having 7GB of available space is not awesome. Relying on a third party to control and protect my data is not awesome. Between space and privacy, I certainly didn’t want to take advantage of automatic photo syncing (particularly with all of the associated metadata and geodata for each image). The theory is great, but the implementation leaves a little to be desired, especially if you care about privacy (which I’ve written about previously).

Uses

My normal uses for a file-syncing service are pretty typical, I think. I’m a big fan of being able to continue computing how I want no matter which machine I happen to be on (work, home, laptop, etc…).

I’ll use it as a temporary file sharing location for quick and easy access (for myself between computers as well as for others). This is particularly helpful when collaborating on something or sharing quick mockups or images with friends and family.

I use Calibre to manage my ebook library, so I keep the entire folder structure there. This gives me access to the library from any other computer, particularly handy when I just need to add more books or transfer them to my devices.

I also finally switched to using a password manager, KeePassXC. It keeps your passwords in an encrypted file, and to maximize its usefulness I need access to the password file on all of my devices, so I’ve been keeping the file on my old Dropbox account.

Really, my main two complaints about using an existing service like Dropbox or Google Drive are storage space and privacy. Luckily, rolling my own service using Nextcloud on my own server solves both of those problems while keeping all of the other advantages.

Enter Nextcloud

I already have a server (Ubuntu 16.04) at home I use for Plex. There’s not a huge load on this server usually, so I figured I’d go ahead and add Nextcloud to the mix.

Nextcloud webpage screenshot

This was way simpler than you might think (though less simple than using the snap). I basically followed the excellent guide from Jason Bayton on installing Nextcloud with:

As Jason writes in the beginning of his page, after completing the guide I had:

patdavid.net Nextcloud login

The project has a client for all major operating systems including my phone (iOS), and appears to have feature parity for the most part (or at least the parts I’m most interested in, anyway), including the all-important automatic upload of phone photos. Selective sync is one of those features that’s a must-have for me (no need to sync all of those phone photos to all of my other clients).

The web interface is quite nice, and pretty snappy once the caches are built (even when trying to view directories of images in a ‘gallery-style’).

There’s a pretty nice app store available for different ways to extend your installation. One of my favorites is the Notes app that provides a nice, distraction-free writing interface that’s markdown aware.

Overall the setup was a breeze (and, dare I say it, fun?). That’s one less intrusion into my digital life, and one more way for me to take back a little control…


Filed under: Nextcloud, storage, sync

Libre Graphics World

Writing is hard. Just look at the post dates for my own blog posts to see what I mean. It takes discipline and hard work to put together any sort of non-trivial writing. If the topic is about a community as diverse and loosely collected as Free Software projects then the effort is exponential. Most Free Software projects don’t have a media/public relations person to interact with.

Libre Graphics World Logo

Today I wanted to talk briefly about both a writer and a PR person: Alexandre Prokoudine and what he’s doing over at Libre Graphics World.

Alex is the main PR person for GIMP and he’s also the guy I turn to when I need or want to publish something for the project. This is just one hat he wears (there’s many others), but those aren’t the reason I’m writing about him today.

LGW header image

Today I’m referring to his work as a journalist. Alex created Libre Graphics World back in 2009 to cover the rather diverse ecosystem of Free Software for creative professionals. The value in reporting at LGW is the time and research spent not only digging out the most interesting bits of news, but also taking the time to interview people in the projects. The reporting is nicely in-depth and explores various aspects of issues beyond simply copying the changelogs (see his recent article on the fork of Valentina, Seamly2D, as an example of the depth and background provided in his articles, or his awesome review of features for the GIMP 2.9.2 release).

I think this type of reporting and community highlights is extremely important to a healthy Free Software ecosystem. Especially one that focuses on projects for creatives and that spans so many genres.

Alex recently stopped running ads on the site and has now switched over to using Patreon to fund his activities. I think this is a great time to head over to his Patreon page and throw a few dollars a month to help him do what he does! Every little bit helps!


Filed under: LGW, writing

darktable

Happy New Year!

Way back in May of 2017 I made my first commit to start a new project for some friends of mine. Seven months later and we were finally able to publicly push the results: a new website for the awesome folks at darktable! (I already published a post about this on the darktable blog.)

darktable logo

Mastodon (Toot! Toot!)

So, I’m on Mastodon. Well, I’ve been on Mastodon for a while now, but thought I’d talk about it briefly here.

On most modern social networks, you are the product. Your habits, friends, and interests are all consolidated, packaged, and sold to anyone willing to pay a few bucks to rent your attention (whether you like it or not). If not you directly, then your habits, likes, dislikes, age, gender, sexual orientation, and the same information for all of the people you may know (including ones you may never have connected with on that network).

It’s ridiculous what information you’re giving away for advertisers and marketers to exploit.


Cryptography

I updated some old GPG keys last year after using the same 1024-bit RSA key from 2004. (Honestly, I was just impressed that I managed to dig up the private key in order to revoke it.) I had set the new subkeys to expire every year, and while renewing them I took another look around to see if GPG/encryption had gotten any easier.

PGP
As usual, relevant xkcd.

It hadn’t.


My Muse

My wife needed a headshot recently for a work-related thing. So I broke out some old and simple equipment to do a quick impromptu shoot for her. This is one of the outtakes from that shoot (she didn’t like how her hair looked in this shot so it wasn’t used).

Dot headshot
Dot. (On Flickr) ƒ/6.3 50mm 1250 ISO200

Styling Discourse Embeds

Comments were something that I wanted to include on posts from the beginning for PIXLS.US. My problem was how to include comments in a way that would lessen exposing visitors to third party tracking, that would let users control and keep their comments if they wanted, and that would integrate nicely into the community in some way.

Luckily all of those requirements were nicely met by integrating the modern forum software Discourse.

Discourse sketchy logo

Atomic Publishing a Static Website

Yes, yes - Static Site Generators are all the rage these days. It seems like there are (multiple!) options for every language out there (including homegrown options from back in the day).

There’s a bunch of benefits to using them and once you get past thinking you need a “dynamic” site they make perfect sense. I use Metalsmith (NodeJS) for this site and pixls.us. I used Pelican (Python) for gimp.org, and I just got my feet wet with Hugo (Go) for the new digiKam website.

Whichever system you use, the build system normally ends with your website built into a directory. To publish the site you need only transfer that directory of files to your web server. In my case I use rsync to only transfer files (or parts of files) that have changed.

Care should be taken with how the site is updated on the server, though.


The Wonderful Art of Pascal Campion

I’ve always had a sensitivity to light. I don’t mean in a Mogwai sort of way, but rather I’ve always felt aware of the feeling and mood that light plays around me.

Gremlins was for kids?!

I think this manifests in my photography when I favor single strong light sources for my subjects. Particularly Rembrandt and side lighting. This also manifests in my seething hatred for overhead fluorescent lighting and a general dislike for direct mid-day sunlight…

This is one of the reasons I am absolutely in love with the art of Pascal Campion. Allow me to (ahem) illustrate why…

