I don’t want to store all my eggs in one basket. Already use a password manager but don’t want to store it there.

Any suggestions?

@MarcellusDrum
link
20
edit-2
2M

A second password manager

@pineapple@sopuli.xyz
creator
link
62M

😎Lol… nice

Dessalines
admin
link
162M

Already use a password manager but don’t want to store it there.

Why? That’s what a password manager is made for. You might as well just not use one if you’re afraid it could be compromised.

@pineapple@sopuli.xyz
creator
link
52M

yeah, I get you but keeping passwords and recovery codes and tokens all together doesn’t seem like a good idea to me.

@Thann
link
72M

Nice try

@pineapple@sopuli.xyz
creator
link
12M

Why? 🤔

@Thann
link
52M

trying to get me to reveal where I store my secrets =P

@murky
link
72M

If you choose the physical approach to print them out on paper, a good hiding place would be an inconspicuous-looking book in your bookshelf

@pineapple@sopuli.xyz
creator
link
32M

Yes, that could be something I can do. Thanks

@AgreeableLandscape
admin
link
7
edit-2
2M

This probably shouldn’t be your primary storage, but for an easy and reasonably reliable backup, set up LUKS or Veracrypt encryption on a good, brand name flash drive or SD card and store all your passwords and keys/codes there. You can get almost any password manager to give you a CSV or txt file with all the data in your account. Put the drive somewhere safe and out of the way, not plugged in anywhere unless you’re actively accessing it.

@pineapple@sopuli.xyz
creator
link
22M

This is a good idea. Thank you

@pinknoise
link
12M

Imo thats the most comfortable solution. Just be sure to keep multiple such backups (ideally at different locations) and check them regularly.

@Lunacy
link
7
edit-2
2M
  • encrypted database for passwords protected with a strong passphrase
  • encrypted database for TOTP protected with a strong passphrase
  • Recovery codes printed stored in a physical location

edit: If you store both passwords and recovery codes in the same database, it wouldn’t be 2FA anymore. If your database was compromised, a malicious actor would have directly access to your accounts due to avoiding 2FA since it could easily use recovery codes.

@SrEstegosaurio
link
22M

I have a password + usb key to unlock my passwords. So… in some way it stills some kind of 2FA? (obviously not as secure, but way better than having them on plaintext. I will also plan to make a paper backup of all)

@pineapple@sopuli.xyz
creator
link
12M

Thank you

⁠ ︎
link
4
edit-2
2M

In my mind, the one place that can’t be easily compromised… at least not yet.

@pineapple@sopuli.xyz
creator
link
12M

lol😂

GadgeteerZA
link
32M

I use my password manager as less room for error

@SrEstegosaurio
link
32M

I use KeePass (+ syncthing to sync with my phone) to manage all my passwords, 2FA, Recovery codes & additional info… etc

I would recommend it (or even a selfhosted version of BitWarden). But if you do not like that solution you could always create an encrypted container like a tomb or a veracrypt one. I really like tombs for storing things, but is GNU/Linux only so if you need to use it on other systems…

@Echedenyan
link
42M

Well, a self-hosted version of the API compatible Bitwarden clone because official one only supports MicroSoft SQL Server.

@SrEstegosaurio
link
12M

Pass + git could be a cool minimalist one

@KLISHDFSDF
link
22M

For anyone interested, there’s also gopass: https://www.gopass.pw/ - pass written in go, with some pretty neat improvements, and compatibility with apps that interface with pass.

@SrEstegosaurio
link
12M

Oh, it seams pretty neat! I will give it a try

@pineapple@sopuli.xyz
creator
link
32M

aah ok. How well does the syncthing work for you? Just wondering :-)

@SrEstegosaurio
link
22M

Really well! I want to try to sync out things with git too. But I would recommend it to anyone bc is dead simple.

m-p{3}
link
12M

Syncthing is one of the few software I can set up and actually forget it’s running and doing it’s thing perfectly in the background. It even auto-update itself.

At this time I store them in my password manager (keepass) but I get what you’re saying. You’d only need the recovery key if you lost access to your password.

Something to improve for sure.

flbn
link
22M

i have a contact book with important people’s phone numbers, addresses, and birthdays. i figured i’ll never fill it out so i have some important ssh keys and my backup codes in the back, working the opposite way of “standard” writing.

kazutrash
link
32M

My passwords are storaged in a book and encrypted through single tags related to my personal life written in japanese .

If I forgive my passwords i just need to guess them. There’s no way someone can hack a book, know my personal life and be able to read japanese simultaneously.

flbn
link
22M

also, this contact book looks exactly like the other 90123570 journals i have, with one discernible characteristic if you look close enough. it feels safe hanging out with the other journals. hiding in plain sight, i suppose.

@marmulak
link
22M

You can print them out I guess

On paper

A loosely moderated place to ask open ended questions

If your post is

  1. Open ended
  2. Not offensive
  3. Not regarding lemmy support (c/lemmy_support)
  4. not ad nauseam inducing (please make sure its a question that would be new to most members)

it’s welcome here!

  • 0 users online
  • 27 users / day
  • 79 users / week
  • 155 users / month
  • 529 users / 6 months
  • 2.13K subscribers
  • 674 Posts
  • 8.65K Comments
  • Modlog