To me his approach/setup is rather simple: it is basically KeePassXC + aliasing + MFA; password generation, expiry and TOTP are built-in functions. Syncing is simple enough (just any cloud), and passkeys are optional.
An inherent friction point of syncing the database through encrypted clouds rather than a NAS like Synology is that when you access it via Android (not sure about iOS), the phone will keep a cache and open the same cache over and over again, rather than opening the latest version.
So personally I prefer using a personal NAS to sync across devices, and the cloud is used as a backup only.
Really? Simpler than what I have suggested? I'm not even sure that's objectively true, but this is a subjective matter, so I guess I understand. Though I personally cannot see why.
I am not saying @kissu's approach is "simpler" than yours, I am simply saying it is simple.
I personally won't rely on cloud-based password managers due to their past incidents. There is nothing wrong with your approach, it is just my preference.
If your devices are seized (by the government, criminals, or fire), you will lose access to 2-factor authentication. It's sufficient to have a primary and a backup password manager, protected by different high-entropy passwords.
I also use 2 password managers, but not for the same reasons. 1Password is my default PW manager, and I use Proton Pass to manage my aliases. The only reason I have 2 PW managers is because Proton Pass is not ready to meet my needs and fully replace 1Password, though I wish it were. A lot of 1Password items still can't be imported into Proton Pass. The only password I have memorized is my master password for 1Password.
I think the reason you use 2 password managers makes less sense. But if it gives you peace, I guess that's fine. If you actually prefer Bitwarden but also use Proton Pass aliases, then it makes sense to use both. But I personally wouldn't use both for passwords.
There is something that I don't quite get with Ente. If I use Ente Photos and have 2FA enabled, does that mean that Ente Auth also has 2FA, since it's the same account? To me, that's problematic.
I personally store my 2FA tokens in 2 apps, my password manager (1Password) and my authenticator app (Ente Auth). And I have both apps installed on multiple devices.
That means I can't get locked out of my Ente Auth account.
But for someone who doesn't have that set up, isn't there a risk if they use Ente Photos too?
By SN do you mean Standard Notes? If yes, I think you're overcomplicating things. I think it's better to back up your export as a file in your password manager as well as in whatever cloud service you use, assuming it's E2EE.
On a loosely related topic, Proton has yet to integrate SN into its suite of services, but I can't help but wonder what will happen when they eventually do. Especially for those like me who use a Proton Pass alias for their SN account.
With various layers of protection, you should be fine.
IMO, those layers should be a strong passphrase, MFA, and installation on multiple devices.
IMO, you should only memorize one strong passphrase for your password manager, and don't bother trying to remember anything else.
If you want a physical backup of your passphrase, I recommend buying a small notebook that you keep in a locked, safe place with your passport. In that notebook, you can write down anything important, like the contact info for your family members, etc.
Additionally, you can write down your master passphrase with an invisible-ink pen. That means it can only be read with a UV light. To confuse a potential intruder, you can even write down random stuff on the page with a real ink pen.
I don't think I have ever needed to use my recovery codes. I've occasionally had to use recovery phrases/keys, but most of the time those are not the same thing. Either way, I store both in my password manager, and I store them the same way.
I write down my recovery codes in typically two lines of text, with each code separated by a slash, and I save it as ONE password in my password manager. It looks like this:
When it comes to the recovery codes or the recovery keys of your password manager, I would recommend also writing them down in a secret notebook with invisible ink, like I suggested above.
Proton Pass can't import all of 1Password's data
As I said earlier, Proton Pass doesn't support some of the item types that 1Password supports. I have over 500 items in 1P, and could only import about 150 into Proton Pass.
I have IDs, bank accounts, passports, servers, and all kinds of different types of items saved in 1Password, not just logins. I know that Proton Pass supports some of them now, but it's unclear if it recognizes these items when importing them from 1Password.
1Password is more customizable.
When I add a login, I tend to add a lot of additional information beyond the password and username that is useful to me, like the name (if I used a fake name), the fake DOB, the account creation date, the username of the person who invited me if it's an exclusive website, etc.
I also like to add information about how to contact support, and I like to separate that information from the information about my account. In 1Password, you can also move entries up or down, and you can create different sections for entries. You can't do that in Proton Pass.
I signed up for Proton Pass when it launched. I knew it would probably not compare to 1Password at launch, but I was hoping that within a couple of years it would match 1Password. There are still some features missing for me. But still, I remain hopeful it will match 1Password's features.
I also have issues with 1P
That said, I have mild lingering frustrations with 1Password. They have bugs they introduced with 1Password 8 that haven't been fixed after 4 years. I am also concerned about how much venture capital investment the company has received. Even though they are in the security business, I am not sure if I would count them as strong privacy advocates, in that it seems clear to me they are primarily motivated by profit.