Comment

Comment on Was it hunter2 or hunter3

Rikj000@discuss.tchncs.de ⁨6⁩ ⁨months⁩ ago

2 words for you: Password Manager

Get around to using one :P

I only remember my password to my PW manager, which additionally is encrypted with a key file to increase security.

The rest of my PWs are 128 character long random generated PWs, with capitals, numbers, special characters etc…

source

Sort:hotnew top

AbsurdityAccelerator@lemmy.world ⁨6⁩ ⁨months⁩ ago
I wish all my passwords were 128 characters. Most sites won’t allow anything that complex. Because apperantly making the password hash field longer is hard /s

source
Badeendje@lemmy.world ⁨6⁩ ⁨months⁩ ago
Yep. Several years ago I switched and it took a little getting used to. But now I would not want it any other way. The plugins in the browsers make it convenient and also a proper app on your mobile and you are set to go. Click on a password field and then you can click on the plugin to fill the fields.

source
mormund@feddit.de ⁨6⁩ ⁨months⁩ ago
Where do you keep the key file and the PW managers DB? I feel like they would be too much side-by-side to really increase security in my case

source
- pipe01@programming.dev ⁨6⁩ ⁨months⁩ ago
  Can always use a service like bitwarden, even their free tier is very good
  
  source
- Rikj000@discuss.tchncs.de ⁨6⁩ ⁨months⁩ ago
  I won’t disclose where I store mine.
  
  But I’d recommend to:
  
  Not backup your PW manager’s database + key file in the same location
  (That would decrease security, x1 data breach would allow them to easily brute force your PW DB since they’ll have the key)
  
  Not go with a PW manager that does not allow you to choose a location where you desire to backup to (Seen plenty of mainstream PW managers getting data breached by now, so going with a cloud, which is not solely used for PW managers, has an advantage imo, since they tend to be less targeted by hackers)
  
  I’ve been happily using KeeWeb + Keepass2Android for years now:
  
  github.com/keeweb/keeweb
  
  github.com/PhilippC/keepass2android
  
  source
- petrescatraian@libranet.de ⁨6⁩ ⁨months⁩ ago
  @mormund I used to store them in a paper notebook, away from the prying eyes of the malware. Now I also have them in a password manager for easy access in case I need them, if the account supports 2FA TOTP.
  @Rikj000
  source
- tkk13909@sopuli.xyz ⁨6⁩ ⁨months⁩ ago
  You could use a USB drive that you only ever plug in to open the password manager. It’s not the most secure option but it’s a bit better than no key file at all.
  
  source
  - mormund@feddit.de ⁨6⁩ ⁨months⁩ ago
    Can’t use it with a phone though. To be honest, I think just having a password manager gives you protection against 99% of the attack surface. And if someone is really determined, I’m not sure the key file will be hard to obtain for them no matter what. But I was curious what setup others have
    
    source
    lud@lemm.ee ⁨6⁩ ⁨months⁩ ago
    If someone is really determined to attack you specifically they will just get a wrench.
    
    source
  - vox@sopuli.xyz ⁨6⁩ ⁨months⁩ ago
    or store the key in a tpm chip protected by password +biometric auth?
    
    source
I_Has_A_Hat@lemmy.world ⁨6⁩ ⁨months⁩ ago
I have tried to use a password manager like 3 separate times now and can never seem to get the hang of it

source