Comment on Password managers less secure than promised
sirblastalot@ttrpg.network 4 days ago
The prospect of putting all my passwords in one big juicy target has always made me nervous. I go to great lengths to just memorize everything, but damn if it doesn’t take a toll.
It is impossible for me to remember all my passwords. Maybe I have more accounts than other people. I remember the most important ones, amongst them a very long password manager DB password that is annoying to enter, especially on mobile.
First time I set up keepass I forgot the password. I still have the DB file without access. But the second time, I was more serious and committed to it, and made sure to remember and use the password. 😅
Yeah to be clear, I do not recommend my method and I don’t think it’s a good allocation of mental resources. I’m just stubborn :P
I just don’t have my passwords on mobile, easy solution. Though I do have Stratum on their for 2FA.
remedia@piefed.social 4 days ago
I was the same way before, but you have to weigh the pros and cons of having proper, long, randomized, unique passwords for each site against the possibility that your database password might be compromised. I only have my password database locally, on removable drives.
So in order to access it, I have to plug in a USB drive (I have backups) which only happens for as long as I need the database, then I unplug it. I also use a keyfile, which is on separate drives, just in case. If anyone wants to access it, they’ll need both the “something I know” (password) and “something I have” (keyfile) which is pretty unlikely.
Not advertising, but I use Keepass.
sirblastalot@ttrpg.network 4 days ago
FWIW, I use Diceware for password generation; it’s good at making memorable yet still random passphrases.