• mormund@feddit.de
    link
    fedilink
    arrow-up
    4
    arrow-down
    1
    ·
    7 months ago

    Where do you keep the key file and the PW managers DB? I feel like they would be too much side-by-side to really increase security in my case

    • Rikj000@discuss.tchncs.de
      link
      fedilink
      English
      arrow-up
      4
      ·
      7 months ago

      I won’t disclose where I store mine.

      But I’d recommend to:

      • Not backup your PW manager’s database + key file in the same location
        (That would decrease security, x1 data breach would allow them to easily brute force your PW DB since they’ll have the key)
      • Not go with a PW manager that does not allow you to choose a location where you desire to backup to (Seen plenty of mainstream PW managers getting data breached by now, so going with a cloud, which is not solely used for PW managers, has an advantage imo, since they tend to be less targeted by hackers)

      I’ve been happily using KeeWeb + Keepass2Android for years now:

    • petrescatraian@libranet.de
      link
      fedilink
      arrow-up
      3
      ·
      edit-2
      7 months ago

      @mormund I used to store them in a paper notebook, away from the prying eyes of malware and other shenanigans. Now I also have them in a password manager for easy access in case I need them, if the account supports 2FA TOTP.

      @Rikj000

    • Krafty Kactus
      link
      fedilink
      English
      arrow-up
      3
      ·
      7 months ago

      You could use a USB drive that you only ever plug in to open the password manager. It’s not the most secure option but it’s a bit better than no key file at all.

      • mormund@feddit.de
        link
        fedilink
        arrow-up
        3
        ·
        7 months ago

        Can’t use it with a phone though. To be honest, I think just having a password manager gives you protection against 99% of the attack surface. And if someone is really determined, I’m not sure the key file will be hard to obtain for them no matter what. But I was curious what setup others have

        • lud@lemm.ee
          link
          fedilink
          arrow-up
          3
          ·
          7 months ago

          If someone is really determined to attack you specifically they will just get a wrench.

      • voxel
        link
        fedilink
        arrow-up
        1
        arrow-down
        1
        ·
        edit-2
        7 months ago

        or store the key in a tpm chip protected by password +biometric auth? that’s what kost OSs do for storing passkeys and encryption keys