You’ve got all those epic 256-char passwords that are impossible to crack, but you still need to keep them in a password manager (typically KeePassXC is what most use nowadays, I think).
Well, shouldn’t the password to this be something you can remember? I mean, you do not want under any circumstances to lose access to it. At the same time, if you can remember the password, it may be brute-forceable. It is possible to have a 64-char, decently complex password you can remember, but still, how do you manage this?
I don’t believe in keyfiles for this, or some of those dongle things. It gives me anxiety to think you may lose it and lose all your passwords forever. A weaker password you can remember seems better, but it has the obvious compromise of being a weaker password. You also have to think about keeping a copy in cloud storage to protect against physical scenarios (flood, fire, theft, your state becomes a totalitarian thing, and so on). Perhaps a special copy with various cloud storage services, with keyfiles in different spots. Those tradeoffs must be considered and managed accordingly.
I don’t think this is true at all. Most do not use this. This is a DIY option and hence unsuitable and unfeasible by most.
Absolutely.
Not true. You can let a password manager create a passphrase password that is secure and you can practice memorizing it and having it written down handy until you do. And then you can store that somewhere very safe in a safe or you can throw away the note.
Yes and no. Possible? Sure. To remember? Hard to say, and likely not unless it’s a sentence you can remember.
I let the password manager create a secure password and I practiced to memorize it. Now I have an alphanumeric password that is secure that I did not make that I remember well. This takes effort but is worth it.
That’s why you have backup keys.
That’s why cloud storage solutions are still highly preferred to the likes of Bitwarden, 1Password, or Proton Pass. KeepassXC is also almost pointless if you want to use your password manager on multiple devices and do not set up a DIY sync for the same.
I believe I have adequately answered your question. Hope it helps!
Long randomly generated passphrases should be sufficiently secure and relatively easy to remember. Combine that with robust 2FA and you should be just fine. In case you’re unaware, there are additional security measures taken to protect your database which are invisible to you, such as utilizing key derivation functions to derive a master key.
This is to say that while a strong master password is critical, not everything rests solely on it and you probably don’t need to obsess over it too much so long as you’re following standard recommendations. You’d already be going above and beyond what the vast majority of other people bother doing.
Pen and paper + Fireproof/Waterproof Safe
I use KeePassXC and DX. It works for me. I have a strong, not ultra strong master password. Whenever I make a change on one device, I immediately save a new copy in ProtonDrive or OneDrive. Then, I download and merge to the existing one the next time I use one of my other devices. It’s not automatic, but it’s also not difficult or troublesome for me.
Database encrypted with the longest password I can remember😅
What is the use of DX?
Also, should you make any changes in KeePassXC? I’m using whatever encryption details are given. I don’t see any options in terms of what encryption algorithms are being used to protect the database.
I might not be the best person to give advice; I’m not very good with tech. But I use KeePass in Tails, so only for sensitive things. The database file is encrypted with AES-256 as far as I know, the passwords for apps are randomly generated by KeePass and as long as possible, and the database password is as long as can be remembered, maybe. Don’t know if it’s needed, but it is also hidden in a hidden volume, with an even longer password.
Edit. Another tactic I have seen is adding, let’s say, 250 characters to your KeePass password, with your own password at the end, so even if somebody has access to your database of passwords, or you don’t trust password managers, they still need to know your own password.
And how do you keep those 250 chars? That is the problem.
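The two questions running through this thread (how strong does a memorable master passphrase need to be, and what a key derivation function adds on top of it; and whether splitting the master secret into a stored part plus a memorized suffix buys anything) can be made concrete with a small script. This is an added example, not code from KeePassXC or anyone in the thread. It uses PBKDF2-HMAC-SHA256 from the Python standard library as a stand-in for the KDF; KeePassXC itself uses Argon2 or AES-KDF, and the 16-word list, the guess rate, and the iteration counts are constructed assumptions chosen only to make the arithmetic visible.

```python
"""Passphrase entropy, KDF cost, and a two-part master secret (added example)."""
import hashlib
import math
import secrets

# Constructed wordlist (assumption): a real diceware list has 7776 entries;
# this short one only keeps the example self-contained and offline.
WORDLIST = ["anchor", "basalt", "cobalt", "dune", "ember", "fjord", "granite",
            "harbor", "iris", "juniper", "kelp", "lumen", "marble", "nettle",
            "orbit", "pebble"]

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def generate_passphrase(word_count, wordlist=WORDLIST):
    """Pick word_count words uniformly at random with a CSPRNG (with replacement)."""
    return " ".join(secrets.choice(wordlist) for _ in range(word_count))


def passphrase_entropy_bits(word_count, list_size):
    """Entropy of word_count words chosen uniformly from list_size words."""
    return word_count * math.log2(list_size)


def password_entropy_bits(length, alphabet_size):
    """Entropy of a random character password over an alphabet of alphabet_size."""
    return length * math.log2(alphabet_size)


def years_to_exhaust(bits, raw_guesses_per_second, kdf_iterations):
    """Years to try every candidate when each guess costs kdf_iterations hash calls.

    The KDF does not add entropy; it divides the attacker's guess rate.
    """
    effective_rate = raw_guesses_per_second / kdf_iterations
    return (2 ** bits / effective_rate) / SECONDS_PER_YEAR


def derive_key(master_secret, salt, iterations=600_000):
    """Derive a 32-byte key with PBKDF2-HMAC-SHA256.

    Stand-in for KeePassXC's Argon2/AES-KDF (assumption); the point is only
    that the stored component and the memorized suffix are combined before
    derivation, so neither alone reproduces the key.
    """
    return hashlib.pbkdf2_hmac("sha256", master_secret.encode("utf-8"),
                               salt, iterations, dklen=32)


if __name__ == "__main__":
    rate = 1e10  # assumed raw SHA-256 guesses per second for an attacker
    print("passphrase (this run):", generate_passphrase(6))
    print("words  bits   years@1 iter   years@600k iter")
    for words in (4, 5, 6, 7):
        bits = passphrase_entropy_bits(words, 7776)
        print(f"{words:5d} {bits:6.1f} {years_to_exhaust(bits, rate, 1):14.3g} "
              f"{years_to_exhaust(bits, rate, 600_000):16.3g}")
    bits = password_entropy_bits(12, 62)
    print(f"12-char alphanumeric: {bits:.1f} bits, "
          f"{years_to_exhaust(bits, rate, 600_000):.3g} years at 600k iterations")

    # Two-part secret: 250 random chars kept in a file plus a memorized suffix.
    stored_part = secrets.token_urlsafe(188)[:250]  # constructed stand-in
    memorized = "correct-horse-example"               # constructed stand-in
    salt = secrets.token_bytes(16)
    full_key = derive_key(stored_part + memorized, salt)
    stored_only = derive_key(stored_part, salt)
    print("stored part alone reproduces key:", full_key == stored_only)
```

The table makes the tradeoff the thread is circling explicit: moving from a 5-word to a 6-word passphrase adds about 13 bits, while the KDF iteration count shifts every row by the same constant factor, so the two levers are independent and both worth pulling. The last lines show why the "250 characters plus your own password" idea only helps if the memorized suffix is itself non-trivial: the stored part is just another input to the KDF, and whoever holds it is left guessing only the suffix.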
KeePassXC is not for mobile. KeePassDX is the fork for Android (and maybe iOS, too?)
I wouldn’t store passes on mobile phones (imo)
My password is a long phrase in a language I invented myself when I was 10 years old. There is your solution