question regarding password managers
Snoober I don't subscribe to this point of view because
- Some people think they have a strong password but actually it is not, or it can be deduced with some social engineering
- Once your password DB is in the cloud, it can be downloaded, and then the attacker can take all the time he wants to perform his attack. It's cheap and easy to rent CPU/GPU power nowadays or, better, he can wait for a vulnerability to break or bypass the security. Changing your master password or patching your application won't save you.
Even if it takes years, once someone evil gets access to your passwords, the chances are high that some passwords haven't been changed, and for the others, the attacker can see your password style, find some logic in them, see if you reuse some passwords or use very similar ones, etc.
This gives a great feeling of being safe while you may have been hacked and be vulnerable.
There is a very simple rule: consider the internet a public place. Don't put anything you don't want to share with the world on the net.
Just compare the internet to the street. You leave your bicycle on the street, anyone can take it. You attach it with a lock, even a strong one, the chances your bicycle won't be there the next day are high.
Leave it in your garage (=offline), the chances it gets stolen are much lower.
kyrios For me not xD
Just that was the first thing that came to my mind for my defence.
But I will still admit that Justin nailed it: it looks like against the NSA it's useful only if you have something offline, not in the logs of corporations... making it pretty limited.
Still though, for everyday security it makes a lot of sense to keep everything you don't want to share locally.
But I am still almost wrong about governments/NSA as they really have other ways of accessing your information.
So against them, can local storage help? If used to store a password for Riot for chatting (I have no idea if that makes any sense, but I will still throw it here) or something else?
Who needs password managers, when you can just use the most secure password for everything?
Staudey The most general rule for privacy and security after "Don't put anything you don't want to share with the world on the net" (kyrios)... is probably "Don't put all of your eggs in one basket".
Also you should prefer to generate passwords locally instead of from a website + KeePassXC gives you the choice to use Extended ASCII, making a far more complicated password.
Sorry, that was my sad attempt at a joke.
I got the joke when I clicked the link
I have a booklet of good passwords. Eventually I will delegate them into an offline password manager with a traveling kdbx file if necessary.
My passwords will never be online. And never be in the cloud on purpose.
This sounds like a plan to me.
The NSA bothers me not--I am boring all around. Online trackers building personality/financial profiles of me and you bother me a lot more. Firefox Pocket suggestions and YouTube suggestions terrify me. At least I could disable Pocket.
kyrios --I love when you chime in with the common sense to remind us all of online decorum/protocol.
Thank you all for the fantastic perspectives. I got what I needed: SOLVED.
edit: added a bit
[deleted]
The browser extension allows full control of the manager for those who prefer not installing Snaps, Flatpaks, or AppImages.
You can also consider a stateless password manager like LessPass. No database involved. Personally I use Bitwarden.
MasterPassword does the job well without backups on any cloud.
It works on iOS, Android, Mac, Desktop, Terminal and Web.
Take a look!
edit: a terminal version integrated by default on Solus could be awesome too