How do you protect your password manager?

Do you keep your password manager on your laptop? Do you isolate it somehow? My concern is that someday I get malware on my PC and it steals my password manager database.

How do you prepare for this?

If using a reputable open source and audited password manager, the risk of this happening is almost negligible. And the only reason I don’t say impossible is because nothing is 100% impossible.

Use the right tool with strong credentials and follow good opsec. And that’s how you stay safe and secure and private.

I think your worry is unwarranted unless you’re not sharing something we ought to know.

1 Like

As far as I understand, the password manager database by itself doesn’t hold much value to hackers/malware/whatever. If you use a reputable manager and have a strong master password or passphrase, nobody can extract anything from it because it is encrypted.

However, once you enter your master password and unlock the database, now the contents may be vulnerable. If your machine gets infected, everything that is not actively encrypted is essentially at risk of being compromised.

In my opinion, malware is not a significant concern nowadays. uBlock Origin + common sense (+ Windows Defender if using Windows) can basically render you safe.

1 Like

The password manager does not record the full password of the account
The MFA for the account is saved elsewhere

You can make sure that the computer itself is also secure, as a keylogger would defeat a password manager that is simply set up with a plain password.

Then again, if you are already compromised, other features can already be defeated: the keyfile can be stolen, and if you are already compromised the attacker can likely steal the contents after you have opened your password manager.

Having a reasonably secure computer is a good prerequisite for a password manager.

In the past I was using Qubes OS; I was using a disposable VM and opening my password manager from there, but Qubes OS drains your battery quickly. This was a major issue for me, so I ended up using secureblue: https://secureblue.dev/

I only use their browser with JavaScript disabled; I installed only (verified) apps from Flatpak on the system, and that’s it.

The DNS is using the public DNS from Mullvad with ad-blocking.

This is how most people should set up their system. There is no need to worry about malware if you do the same thing.

Tips: Don’t run a random script on your Linux system; don’t click on an http website, it must start with https; don’t install too many apps on your system. If possible, do not open your password manager in your browser; instead, install the app on your system and open it from there, it is far more secure. Play video games on a different PC and you will be okay; video games can contain malware: Valve removes video game listing suspected of being malware | TechCrunch

As long as you follow my instructions you will be safe; no need to be paranoid.