Syncthing + your favorite password manager = Zero-trust password syncing between devices.
Passwords suck, but here's how to make them suck less.
I do network security for a living, and Linux tomfoolery as a hobby. The Pacific Northwest has been my home from day one, and I love it. Currently I'm residing in North Seattle near my workplace, and I've been using Linux in a significant capacity since 2012. I'm a firm believer in taking control of your data and devices and want to see a shift away from cloud services back to something more in direct control of the user instead. That is my primary interest in Linux and my passion; to see simple, user friendly solutions become available that give the user the respect they deserve when it comes to sharing data with other parties. The user gets the choice, not the services. That is my firm belief.
Everyone should be using a password manager. But not all password managers are created equal. There are companies that have been around for a while doing cloud-hosted password management, like Lastpass, or Dashlane. There are browsers that can now remember your passwords for you. There are even biometric authentication methods on your phone that can substitute for a password in most cases. But, they often rely on cloud servers that you have no control over, proprietary software that you can't check yourself to make sure they aren't doing anything untoward to their users, and restrictive policies on how you can use their services. But with the combination of a password manager that keeps your password files local, plus a free (as in beer and speech) peer to peer file synchronization program, you can roll your own "cloud password manager" that you have 100% control over and can't be easily gotten into either over the network, or physically at your machine. In this 45 minute talk I'll briefly go over Syncthing and how I use it to manage and sync my many online account passwords on my many, many, devices.
- 45 min
- LinuxFest Northwest 2019