I don’t want to store all my eggs in one basket. Already use a password manager but don’t want to store it there.

Any suggestions?

  • Dessalines
    16
    3 years ago

    Already use a password manager but don’t want to store it there.

    Why? That’s what a password manager is made for. You might as well just not use one if you’re afraid it could be compromised.

    • @pineapple@sopuli.xyzOP
      4
      3 years ago

      yeah, I get you but keeping passwords and recovery codes and tokens all together doesn’t seem like a good idea to me.

  • @Lunacy@lemmy.ml
    7
    3 years ago
    • encrypted database for passwords protected with a strong passphrase
    • encrypted database for TOTP protected with a strong passphrase
    • Recovery codes printed and stored in a physical location

    edit: If you store both passwords and recovery codes in the same database, it wouldn’t be 2FA anymore.

    • Sr Estegosaurio
      2
      3 years ago

      I have a password + USB key to unlock my passwords. So… in some way it's still some kind of 2FA? (Obviously not as secure, but way better than having them in plaintext. I also plan to make a paper backup of all.)

  • @murky@lemmy.ml
    7
    3 years ago

    If you choose the physical approach to print them out on paper, a good hiding place would be an inconspicuous-looking book in your bookshelf

  • @AgreeableLandscape@lemmy.ml
    6
    3 years ago

    This probably shouldn’t be your primary storage, but for an easy and reasonably reliable backup, set up LUKS or Veracrypt encryption on a good, brand name flash drive or SD card and store all your passwords and keys/codes there. You can get almost any password manager to give you a CSV or txt file with all the data in your account. Put the drive somewhere safe and out of the way, not plugged in anywhere.

  • ⁠ ︎
    5
    3 years ago

    In my mind, the one place that can’t be easily compromised… at least not yet.

  • Sr Estegosaurio
    3
    3 years ago

    I use KeePass (+ syncthing to sync with my phone) to manage all my passwords, 2FA, Recovery codes & additional info… etc

    I would recommend it (or even a self-hosted version of Bitwarden). But if you do not like that solution you could always create an encrypted container like a tomb or a VeraCrypt one. I really like tombs for storing things, but it is GNU/Linux only so if you need to use it on other systems…

    • @Echedenyan@lemmy.ml
      4
      3 years ago

      Well, a self-hosted version of the API-compatible Bitwarden clone, because the official one only supports Microsoft SQL Server.

      • Sr Estegosaurio
        2
        3 years ago

        Really well! I want to try to sync out things with git too. But I would recommend it to anyone because it is dead simple.

      • m-p{3}
        1
        3 years ago

        Syncthing is one of the few pieces of software I can set up and actually forget it’s running and doing its thing perfectly in the background. It even auto-updates itself.

  • flbn
    2
    3 years ago

    i have a contact book with important people’s phone numbers, addresses, and birthdays. i figured i’ll never fill it out so i have some important ssh keys and my backup codes in the back, working the opposite way of “standard” writing.

    • kazutrash
      3
      3 years ago

      My passwords are stored in a book and encrypted through single tags related to my personal life written in Japanese.

      If I forget my passwords I just need to guess them. There’s no way someone can hack a book, know my personal life and be able to read Japanese simultaneously.

    • flbn
      2
      3 years ago

      also, this contact book looks exactly like the other 90123570 journals i have, with one discernible characteristic if you look close enough. it feels safe hanging out with the other journals. hiding in plain sight, i suppose.

  • @obsolete29@sopuli.xyz
    1
    3 years ago

    At this time I store them in my password manager (KeePass) but I get what you’re saying. You’d only need the recovery key if you lost access to your password.

    Something to improve for sure.