What's the Jow Forums way of managing passwords? I was thinking of using KeepassXC to generate passwords and store them, syncing .kdbx with Syncthing between devices and having a USB drive hanging from my car keys that also has the .kdbx file to use on public computers.

What is the purpose of using a master key file + password in my particular case? I would store the key file on the same USB as the .kdbx file so that would just defeat the purpose of it, or what do you think?

>if i install a second lock on my front door and leave the key in plain view on the doorstep, is the second lock pointless?

I'm still using password.
If you want to use a password manager on a public PC, how would you manage the database file and master key file in a way that the key file is not useless?

KeepassXC on my computer, KeepassDX on my phone, .kdbx synced through Nextcloud. Not the safest to use a cloud provider, but it's convenient.

if your keyfile is also encrypted, you gain nothing in security and an extra risk. should your keyfile become corrupted or lost, your password db is inaccessible.
come up with a secure passphrase for your db and use it. a keyfile that you keep right next to your password db is pointless. it doesn't matter if the keyfile is encrypted too.

I store key file locally and sync only db
Never have both on unencrypted storage

THINK, man. what security benefit do you get out of the key file? which scenario does it protect you from? how likely is that scenario? is it worth the tradeoff?

you plug your usb drive into an attacker-controlled public computer. attacker copies your password db and keyfile, then keylogs the passphrase for both when you unlock them. the keyfile did nothing for you.

really ask yourself if there's any way in which having a keyfile is more than just an extra risk of data loss.

Your keyfile should be something easily accessible like the google homepage header or something else common.

>the google homepage header
>use some data that changes all the time as your keyfile
you're stupid

The keyfile is used to enable using the password database only on specific devices.
For example, you enroll a device by copying the (immutable) keyfile onto it via e.g. SSH, then you have your main (mutable) password database on a cloud service. If the latter gets compromised and someone somehow guesses your password, they still can't access your passwords since the keyfile isn't on the cloud.

there. that's how you use a keyfile. keeping it next to your password db is absolutely pointless.
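
The two setups argued over above (keyfile kept off the synced copy versus keyfile carried next to the database), as an added example that is not part of the thread. It is a simplified Python model, not KeePass's own code: each factor is hashed, the hashes are combined, and PBKDF2 stands in for the real key-derivation function; all names and sample values are constructed.

```python
import hashlib
import hmac
import os

KDF_ROUNDS = 100_000  # constructed value; PBKDF2 is a stand-in KDF


def composite_key(password, keyfile_bytes=None):
    """Hash each factor, then hash the concatenation (simplified model)."""
    parts = hashlib.sha256(password.encode()).digest()
    if keyfile_bytes is not None:
        parts += hashlib.sha256(keyfile_bytes).digest()
    return hashlib.sha256(parts).digest()


def derive_master_key(password, keyfile_bytes, salt):
    secret = composite_key(password, keyfile_bytes)
    return hashlib.pbkdf2_hmac("sha256", secret, salt, KDF_ROUNDS)


def create_db(password, keyfile_bytes):
    """Toy database header: a salt plus a tag only the right key reproduces."""
    salt = os.urandom(16)
    key = derive_master_key(password, keyfile_bytes, salt)
    return {"salt": salt, "tag": hmac.new(key, b"header-check", hashlib.sha256).digest()}


def can_unlock(db, password, keyfile_bytes=None):
    key = derive_master_key(password, keyfile_bytes, db["salt"])
    tag = hmac.new(key, b"header-check", hashlib.sha256).digest()
    return hmac.compare_digest(tag, db["tag"])


def scenario_results():
    keyfile = os.urandom(32)            # constructed keyfile contents
    password = "correct horse battery"  # constructed passphrase
    db = create_db(password, keyfile)
    corrupted = bytes([keyfile[0] ^ 1]) + keyfile[1:]  # one flipped bit
    return {
        # Synced copy leaks and the password is known; keyfile never left enrolled devices.
        "cloud_db_plus_password": can_unlock(db, password, None),
        # USB stick carries db and keyfile; passphrase is captured on the public PC.
        "usb_db_keyfile_plus_password": can_unlock(db, password, keyfile),
        # Owner with the right passphrase but a damaged keyfile is locked out too.
        "owner_with_corrupted_keyfile": can_unlock(db, password, corrupted),
    }


if __name__ == "__main__":
    for name, ok in scenario_results().items():
        print(f"{name}: {'unlocks' if ok else 'does not unlock'}")
```
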

Don't use a master key file if that's your pretend use
Any keepass version is fine

Well that's kind of the question, what's a safe way to use master key and password if I would need to use passwords on a public computer?

don't log in to secure accounts from a public computer.

If you want to use a keyfile, put it in an encrypted volume/disk (USB). Don't forget to have a backup and use a cloud to keep it synced. Also this, or if you are going to do it, have a Tails install on a USB and use it at the public computers.
If you really care about security, don't use a public computer even if you are carrying a Tails/whatever install.

Looking into using keepass, what is the difference between the keyfile and db? Can I access passwords if I have only one of them? Wanna migrate from LastPass after I've been red pilled, so is there a method of online syncing them or is that just dumb?

Keyfile is a file you need to open your database. Database is the file that holds your passwords.

Thank you. I feel like if someone has access to my USB and the password I use for the password database, he would probably also have access to the encryption key. Maybe it's just enough or even recommended to just use one password in my case.

True that if I cared enough I wouldn't use public computers at all, but there's times when you really have no choice, like university.

Thank you for the Tails tip btw.

Is there some recommended USB stick that can take a beating and is small enough for a keychain, with a reliable memory chip as well?

Used a built-in passphrase to generate a 10-word passphrase as master password.
I have the kdbx file on my computer, thumb drive, my old notebook for game/movie that doesn't connect to the internet and my phone (SD card to be specific).
I change passwords once a year or something like that, so syncing isn't a problem for me.

>having a USB drive hanging from my car keys that also has the .kdbx file to use on public computers
If the public PC has quiet remote viewing, whether legit or by trojan, isn't that a huge security issue for you? My kdbx file is only opened on my own device

The Jow Forums way is to use pass, the standard Unix password manager

passwordstore.org/

Yes that would be a problem. There's no way to bypass that if you NEED to use the public computer tho, is there? Unless you can boot up the mentioned Tails from USB

load on your phone and manually key them in
sucks but it's better than the alternative

why the fuck is GNOME Keychain a thing (and sometimes forced by shitty enterprise software) when this exists?

I keep trying to come up with a plan in case there's a fire and somehow I don't manage to save anything. Let's say I store bootable flash drives somewhere, like outside in my car and in my shed, along with enough cash to buy a laptop. But then how the fuck do I log into sites that say "unrecognized device. please enter code from text message", when my phone is gone.

Same with genuine 2-factor logins. If it's solid and your phone dies, you're pretty much fucked. Otherwise, it's not really 2-factor if you can talk your way in without the phone.

Damn I miss the good old days when the biggest decision was where to get my daily burger.

Why not self host nextcloud?

I would if I had the hardware for it. I'd also do a NAS setup with Kodi and so on. But as of now, outside provider has to do.

Why not syncthing instead of cloud service?

I keep it all in my head because I'm not a brainlet.

So, you're either rainman or a brainlet.