What's the best way to manage passwords?

If I just use my memory there is no way I will remember a long and unique password for every service I use, but then again using a password manager is a single point of failure where if it gets cracked, all of my passwords are corrupted. So what is the consensus on this? What is the safest approach?


  1. 2 years ago
    Anonymous

    pen and paper

      • 2 years ago
        Anonymous

        have a repeated unwritten number or small word behind or in front of every password only you know.

        and don't lose it, keep a copy if it's a really important password.

      • 2 years ago
        Anonymous

        steganography, my friend

      • 2 years ago
        Anonymous

        >What if I lose the papers?
        yeah don't do that
        >What if someone at my place finds them?
        keep them in your document safe (which should not be easy to find, see next point)
        >What if someone breaks in?
        burglars want your tv, not your netflix password
        >What if it's the IRS doing a full house sweep
        they can compel you into compliance anyway

      • 2 years ago
        Anonymous

        If someone breaks into your house specifically to search for and steal your password paper, you probably fricked up really hard somewhere.

    • 2 years ago
      Anonymous

      This.

  2. 2 years ago
    Anonymous

    My mom has notecards in a little case with tabs that have letters on them and she's never been hacked

  3. 2 years ago
    Anonymous

    Just use the password manager. Yes it's a single point of failure, but it won't get hacked if you do it right.

    • 2 years ago
      Anonymous

      Which one is good? I looked at LastPass but they ask me to pay money if I want to use it on multiple machines.
      >if you do it right
      What is doing it right?

      • 2 years ago
        Anonymous

        Do not use a password manager that isn't FOSS and especially not one that hosts your database on foreign servers.
        Self-hosted Bitwarden or KeePass 2/XC are the only sane options. For KeePass, having your own ownCloud/Nextcloud instance is helpful, but you can also make it work using Syncthing. If that's not an option, using commercial cloud solutions like Mega/GDrive etc. is possible as your database is encrypted, but I would still strongly advise against it. It's almost impossible to brute force a way into your hosted cloud server, but it is possible to brute force through the encryption of the database file.

        • 2 years ago
          Anonymous

          >but it is possible to brute force through the encryption of the database file.
          not with my settings.
          if they had a good pc like mine it would still take 3 seconds for each attempt.
          now I suppose if someone was dedicating a whole botnet to trying to crack my database, maybe they could accomplish it in my lifetime.

          • 2 years ago
            Anonymous

            >if they had a good pc like mine it would still take 3 seconds for each attempt.
            Very unlikely it takes 3s per attempt if you know what you're doing.

        • 2 years ago
          Anonymous

          Have you ever tried to brute force a keybase db file? It would take you a while to crack an 8 character random password. Longer, more secure passwords aren't being cracked in the foreseeable future and when they are you can like... reset your passwords.
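The exchange above turns on how much one guess against an encrypted database costs. As an added example (mine, not anything from the thread or from KeePass/Bitwarden), the Python below derives a key with scrypt from the standard library, standing in for whatever KDF a real manager uses (an assumption for illustration), times one derivation on the current machine, and converts that into an expected cracking time for a given password entropy and number of parallel guessers. It makes the point of the reply above concrete: "3 seconds per attempt" describes the owner's box, while an attacker's cost per guess is set by the database's KDF parameters and by how much hardware they throw at it.

```python
import hashlib
import math
import os
import time

# Added example, not from the thread. Guessing a vault's master password
# costs one key derivation per guess; the KDF parameters the vault owner
# chose set that cost. scrypt stands in for a real manager's KDF.

def derive_key(password: str, salt: bytes, n: int = 2**14, r: int = 8, p: int = 1) -> bytes:
    """Derive a 32-byte key; n (CPU/memory cost), r and p are what make a guess slow."""
    return hashlib.scrypt(password.encode("utf-8"), salt=salt, n=n, r=r, p=p,
                          maxmem=256 * 1024 * 1024, dklen=32)

def seconds_per_guess(n: int = 2**14, r: int = 8, p: int = 1, rounds: int = 3) -> float:
    """Median wall-clock time of one derivation on this machine."""
    salt = os.urandom(16)
    samples = []
    for _ in range(rounds):
        start = time.perf_counter()
        derive_key("benchmark-only-password", salt, n, r, p)
        samples.append(time.perf_counter() - start)
    samples.sort()
    return samples[len(samples) // 2]

def password_entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a uniformly random password of `length` symbols."""
    return length * math.log2(alphabet_size)

def expected_crack_seconds(entropy_bits: float, secs_per_guess: float,
                           parallel_guessers: int = 1) -> float:
    """Expected time to hit the password: half the space on average,
    spread across the attacker's independent guessers."""
    return 2 ** (entropy_bits - 1) * secs_per_guess / parallel_guessers

SECONDS_PER_YEAR = 365.25 * 24 * 3600

def crack_years_table(secs_per_guess: float) -> dict:
    """Years to crack for the thread's cases: an 8-character and a
    16-character random password drawn from the 94 printable non-space
    ASCII symbols, against one guesser and against 10,000 in parallel."""
    table = {}
    for length in (8, 16):
        bits = password_entropy_bits(length, 94)
        for guessers in (1, 10_000):
            years = expected_crack_seconds(bits, secs_per_guess, guessers) / SECONDS_PER_YEAR
            table[(length, guessers)] = years
    return table

if __name__ == "__main__":
    secs = seconds_per_guess()
    print(f"one derivation on this machine: {secs * 1000:.1f} ms")
    for (length, guessers), years in crack_years_table(secs).items():
        print(f"{length:2d} random chars, {guessers:>6} parallel guessers: {years:.3g} years")
```

Raising n slows the owner's own unlock by the same factor it slows every guess, so the practical knob is the longest derivation you will tolerate at login; the entropy of the master password does the rest, which is why an 8-character random password is borderline and a 16-character one is not.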

      • 2 years ago
        Anonymous

        self-host bitwarden (https://github.com/dani-garcia/vaultwarden) if you need multiple devices (you can use an rpi or an old ass pc and keep it in LAN to be extra safe).
        If you do not need multiple devices keepassxc is a fine choice.

        backups, as always, are a must

  4. 2 years ago
    Anonymous

    i use keepass, and i keep the password db in dropbox. then i sometimes make a backup of the db file.

    • 2 years ago
      Anonymous

      >dropbox
      I thought cloud storage was really insecure? Isn't that risky?

      • 2 years ago
        Anonymous

        The file is encrypted

        • 2 years ago
          Anonymous

          I use gpg with password-store for both passwords and 2 factor authentication, I sync them with syncthing. Also have them backed up on local drives.
          Have one time passwords as a backup on pen and paper at a safe location

          I hope you have it encrypted with a keyfile
          If someone can get their hands on your keepass file, they could just bruteforce it
          >>https://invidious.snopyta.org/watch?v=iJoBX2UUN4U

          • 2 years ago
            Anonymous

            >password was 1986
            uh

          • 2 years ago
            Anonymous

            i should have mentioned that, yes i do use a password and a keyfile

  5. 2 years ago
    Anonymous

    >Not using "forgot my password" to set a new password for every login

    • 2 years ago
      Anonymous

      >email never arrives
      or
      >email arrives, set new password
      >it doesn't work

  6. 2 years ago
    Anonymous

    A password manager.

    There are much better ways to prevent the “one point of failure” issue like TOTP or even a yubikey since at the end of the day even without a password manager you can always get key logged and the computer you input your password into is still a single point of failure. Yes pen and paper has this issue. Your email also likely remains a point of failure due to password reset procedures (setting up 2FA tends to lock these down).

    If you’re using a decent 2FA system realistically things like credential theft stop being a significant security threat. Passwords are an intrinsically bad means of authentication and it doesn’t serve one to take their security too seriously.
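The post above leans on TOTP as the second factor that makes a stolen password alone insufficient. As an added example (mine, not code from the thread), here is a minimal RFC 4226 HOTP and RFC 6238 TOTP implementation in Python with a drift-tolerant verifier; the seed is the shared secret an authenticator app or a dedicated offline device holds, and the Base32 helper matches how such seeds are usually displayed. The test vectors used are the ones published in those RFCs.

```python
import base64
import hashlib
import hmac
import struct
import time

# Added example, not from the thread: RFC 4226 HOTP and RFC 6238 TOTP.
# The seed is the second factor; knowing the password does not yield a code.

def hotp(secret: bytes, counter: int, digits: int = 6, algo=hashlib.sha1) -> str:
    """HMAC-based one-time password with RFC 4226 dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), algo).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def totp(secret: bytes, at=None, step: int = 30, digits: int = 6) -> str:
    """Time-based variant: the counter is floor(unix_time / step)."""
    now = time.time() if at is None else at
    return hotp(secret, int(now // step), digits)

def verify_totp(secret: bytes, code: str, at=None, window: int = 1, step: int = 30) -> bool:
    """Accept the current step plus `window` steps either side to absorb
    clock drift between client and server; compare in constant time."""
    now = time.time() if at is None else at
    t = int(now // step)
    return any(hmac.compare_digest(hotp(secret, t + k), code)
               for k in range(-window, window + 1))

def seed_from_base32(b32: str) -> bytes:
    """Authenticator apps show seeds as Base32 (otpauth:// convention);
    pad to a multiple of 8 characters before decoding."""
    b32 = b32.strip().replace(" ", "").upper()
    return base64.b32decode(b32 + "=" * (-len(b32) % 8))

if __name__ == "__main__":
    seed = b"12345678901234567890"  # RFC 4226/6238 reference seed
    print("HOTP counter 0:", hotp(seed, 0))
    print("TOTP at t=59:", totp(seed, at=59))
    print("current TOTP:", totp(seed))
```

A server that accepts a code should also refuse to accept the same code twice within its window; otherwise a code captured by a keylogger remains usable for the rest of that step, which is exactly the replay the second factor is meant to stop.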

  7. 2 years ago
    Anonymous

    KeePassXC + Some cloud

  8. 2 years ago
    Anonymous

    >wälcome to hydraölics press channel :DD

  9. 2 years ago
    Anonymous

    A really good master password for a very strongly encrypted password storage method (be that an encrypted file you sync, something like keepass, or self hosted bitwarden). This way even if someone gets your database of passwords, it'll be impossible to crack, whereas feasibly someone could steal your pen and paper book. The perfect method is all in memory but that's unfeasible if you have more than a few accounts (assuming you aren't reusing passwords).

  10. 2 years ago
    Anonymous

    pass

  11. 2 years ago
    Anonymous

    there are some cool algos to have a "password manager" without a password db (see https://www.guerrillamail.com/tools for an online example) but you'd not be able to change your password on only one of the sites you sign up for.

    Use a password manager with a good password you homosexual.
    And always double encrypt your backups (don't make an archive, just store the raw ciphertext)
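The stateless "password manager without a database" that the post mentions, as an added Python illustration (mine, not the thread's and not the linked tool's algorithm; the input layout, alphabet and counter are my own choices): every site password is an HMAC of the site name under the master secret, so nothing has to be stored, and rotating one site's password means bumping a per-site counter, which is the limitation the post points out.

```python
import hashlib
import hmac
import string

# Added example, not from the thread. 64 symbols so each digest byte maps
# to one symbol with no modulo bias (256 is a multiple of 64).
ALPHABET = string.ascii_letters + string.digits + "-_"
assert len(ALPHABET) == 64

def derive_site_password(master: str, site: str, username: str = "",
                         counter: int = 0, length: int = 20) -> str:
    """Stateless derivation: HMAC-SHA256 keyed by the master secret over
    (site, username, counter). The same inputs always give the same password."""
    msg = f"{site}\x00{username}\x00{counter}".encode("utf-8")
    block = hmac.new(master.encode("utf-8"), msg, hashlib.sha256).digest()
    out = []
    while len(out) < length:
        out.extend(ALPHABET[b % 64] for b in block)
        block = hashlib.sha256(block).digest()  # extend output if more is needed
    return "".join(out[:length])

def rotate(master: str, site: str, username: str, current_counter: int):
    """Rotating one site's password means changing an input. The new counter
    is state the user now has to record or remember per site, which is the
    stored state the stateless scheme was meant to avoid."""
    new_counter = current_counter + 1
    return new_counter, derive_site_password(master, site, username, new_counter)

if __name__ == "__main__":
    master = "correct horse battery staple"  # constructed example secret
    print("example.com:", derive_site_password(master, "example.com", "alice"))
    counter, new_pw = rotate(master, "example.com", "alice", 0)
    print(f"after rotation (counter={counter}):", new_pw)
```

Two consequences follow from the design: the per-site counters end up having to be stored anyway once a site forces a reset, and any single leaked site password lets someone test guesses for the master secret offline, so the master has to be long and random rather than a memorable phrase.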

  12. 2 years ago
    Anonymous

    Just change them periodically, and keep a keyfile in cold storage. If you change it monthly, your password only has to be good enough to last a brute force attack for that long. Some password managers will allow you to limit the rate at which you can input passwords. So if you set that to 1m that's 43200 tries per month. Also use otp. If you could manage your otp seeds on a secondary device then it's two points of failure. I'm thinking about building an otp device based on a rpi zero with no wireless capability and with an lcd.

  13. 2 years ago
    Anonymous

    use keepassxc, locally store your passwords in an encrypted file, and use either a yubikey or a key file. then make backups of the encrypted files and store them in separate places in cold storage, also preferably in different media formats.
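Posts 4, 12 and 13 all recommend combining a master password with a keyfile. As an added Python illustration (mine, not KeePass's file format or its composite-key algorithm), this derives the vault key from both inputs and stores a verification tag so that a wrong keyfile or a wrong password fails to unlock; the encryption of the database contents itself is left out, and the "vault" is just the header dict.

```python
import hashlib
import hmac
import os
import secrets

# Added example, not KeePass's format. The vault key depends on both the
# master password and a keyfile; someone who copies the database but not
# the keyfile faces 256 random bits on top of the password.

VERIFY_LABEL = b"vault-unlock-check"  # arbitrary constant for the check tag

def make_keyfile(path=None) -> bytes:
    """32 random bytes. Keep an offline copy: lose it and the vault is gone."""
    data = secrets.token_bytes(32)
    if path is not None:
        with open(path, "wb") as fh:
            fh.write(data)
    return data

def composite_key(password: str, keyfile: bytes, salt: bytes) -> bytes:
    """Hash the keyfile so its length is irrelevant, then run the slow KDF
    over password || H(keyfile). The fixed 32-byte suffix keeps the
    concatenation unambiguous."""
    material = password.encode("utf-8") + hashlib.sha256(keyfile).digest()
    return hashlib.scrypt(material, salt=salt, n=2**14, r=8, p=1,
                          maxmem=256 * 1024 * 1024, dklen=32)

def create_vault(password: str, keyfile: bytes) -> dict:
    """Header a vault would store: the salt and an unlock-check tag that
    lets the client confirm the derived key without touching the data."""
    salt = os.urandom(16)
    key = composite_key(password, keyfile, salt)
    tag = hmac.new(key, VERIFY_LABEL, hashlib.sha256).digest()
    return {"salt": salt, "verify": tag}

def unlock(password: str, keyfile: bytes, header: dict):
    """Re-derive the key and return it only if the tag matches (constant-time compare)."""
    key = composite_key(password, keyfile, header["salt"])
    tag = hmac.new(key, VERIFY_LABEL, hashlib.sha256).digest()
    return key if hmac.compare_digest(tag, header["verify"]) else None

if __name__ == "__main__":
    kf = make_keyfile()
    header = create_vault("master-password", kf)
    print("right password + keyfile:", unlock("master-password", kf, header) is not None)
    print("right password, no keyfile:", unlock("master-password", b"", header) is not None)
    print("wrong password + keyfile:", unlock("wrong", kf, header) is not None)
```

The keyfile only helps if it is kept apart from the database: syncing both through the same cloud folder collapses the two factors back into one, which is why the posts above put the keyfile in cold storage or on a separate device.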

  14. 2 years ago
    Anonymous

    Use KeePass, as it is offline and free as in beer and speech
    You can use a thumb drive to sync or a piece of P2P syncing software like Syncthing.
    Don't use anything "cloud" based
    > someone else's PC
    > attractive target for hackers
    > service itself is likely to be malicious

    • 2 years ago
      Anonymous

      Another vouch for KeePass. Available for Windows, Linux, Android and iOS.

      Do keep in mind that I believe there is a possible vulnerability if someone has malware/access to your computer while you locked a database which was previously opened. Something about memory deallocation if I'm correct. Not sure if it was fixed.

      • 2 years ago
        Anonymous

        > malware/access to your computer
        Yeah at that point you're fricked anyways

  15. 2 years ago
    Anonymous

    keepassxc+syncthing

  16. 2 years ago
    Anonymous

    >memorized unique and complex passwords for financial or identity related accounts
    >password-store or keepass for everything else
    I have a total of 5 passwords in memory and 150 in my password-store. Next step is to separate things out into separate stores like work, personal and homelab or something like that but for now I feel safe enough.

  17. 2 years ago
    Anonymous

    Keepass + own server
