chore: fill in password-managers post

CHANGELOG

@@ -1,4 +1,34 @@
-Commit: 2d8cd50
+Commit: 7010904
+Author: Rowan Clark
+Mon Dec 26 11:03:16 2022
+Commit subject: 
+chore: fill in password-managers post
+
+Commit: 1409cfe
+Author: Rowan Clark
+Sat Dec 24 12:52:16 2022
+Commit subject: 
+style: prettierformatting
+
+Commit: d21a0ca
+Author: Rowan Clark
+Sat Dec 24 12:45:33 2022
+Commit subject: 
+chore: add update post, init draft pw manager post
+
+Commit: f0a5905
+Author: Rowan Clark
+Mon Nov 28 15:45:33 2022
+Commit subject: 
+add mastadon
+
+Commit: 128a9d3
+Author: Rowan Clark
+Sun Nov 27 13:41:10 2022
+Commit subject: 
+chore: update stack page
+
+Commit: f8b985d
 Author: Rowan Clark
 Mon Nov 7 00:23:49 2022
 Commit subject: 

changelog

@@ -1,3 +1,3 @@
 #!/usr/bin/env bash
 
-git log --date=local --format="Commit: "%h%n"Author: "%cn%n%ad%n"Commit subject: "%n%s%n > CHANGELOG.md
+git log --date=local --format="Commit: "%h%n"Author: "%cn%n%ad%n"Commit subject: "%n%s%n > CHANGELOG

drafts/password-managers.md

@@ -1,11 +1,23 @@
 ---
 title: Self host your password manager!
 description: How and why you should self host your own password manager
-date: 2022-12-24
+date: 2022-12-26
 tags:
   - self-hosting
-  - linux
-  - vps-series
   - security
 layout: layouts/post.njk
 ---
+
+tldr: password managers provided by large companies, while convenient and come with some very nice faeatures are very much vulnerable to having data breaches and can have security issues. You don't want that.
+
+You've seen the news, it seems like every other week a company has a data breach or vulnerability discovered. For example LastPass had an incident in August 2022. Whilst the company did a good job of disclosing the fact they had a breach, saying only development material was compromised and that they had no reason to believe any passwords of its users had been stolen, in December 2022 they updated their [post](https://blog.lastpass.com/2022/12/notice-of-recent-security-incident/) stating that some personal information was obtained, such as 'end-user names, billing addresses, email addresses, telephone numbers, and the IP addresses from which customers were accessing the LastPass service'. Whilst this data isn't classed as critical, it is still data that could be used to aid in another attack on an individual or company. However those that use a weak master password could still have their database [brute forced](https://en.wikipedia.org/wiki/Brute-force_attack). There are other examples that you can find online with a quick Google search.
+
+So what can you do about this? Don't rely on companies to provide security for you. [Self host](<https://en.wikipedia.org/wiki/Self-hosting_(web_services)>) your own password manager. This can either be via an application on your computer or a web based client on a [VPS](https://en.wikipedia.org/wiki/Virtual_private_server). I can recommend [Vaultwarden](https://github.com/dani-garcia/vaultwarden) for hosting on a server. You can install it using [Docker](https://docker.com) with the following commands:
+
+```sh
+docker pull vaultwarden/server:latest
+docker run -d --name vaultwarden -v /vw-data/:/data/ -p a-port-that-is-not-in-use:80 vaultwarden/server:latest
+```
+
+If you are new to Docker, you can follow [this guide](https://kieranrobson.com/docs/docker-and-docker-compose/) by Kieran Robson on installing Docker and Docker Compose.  
+For desktop use I recommend using the cross-platform [KeePassXC](https://keepassxc.org/). Both will prompt you to enter in a master password, for those that haven't used a password manager before, this is the one password you will have to remember, think of it as a key to your database filled with passwords. Make sure this is a strong, but memorable password! If you lose this password your database will be unusable to you and if it is too weak it's vulnerable to being brute forced - especially if you are exposing this over the network.