Ava on Nostr: If it's mission critical, I use KeePass since it's device only and not in the cloud. ...
If it's mission critical, I use KeePass since it's device only and not in the cloud. There is always a risk with cloud based anything, but I also use and recommend cloud based password managers like Bitwarden and Proton Pass.
It is the classic story of convenience vs privacy, so whether or not you decide to put credit card info in your PWM is dependent on your threat model and risk tolerance. If you use a strong master password with lots of entropy, you are likely going to be okay.
The risk for most people of hackers making off with an encrypted password database from the cloud and it later being cracked with something like a quantum computer is far less than them not using a password manager to create unique, high entropy passwords for every login.
Personally, I am ok with cloud-based PWMs for most things. Though, there are certain passwords and information that I only keep in an air-gapped qube on Qubes. I also keep my cloud based PWM recovery phrase and 2FA app recovery phrase in the air-gapped KeePass vault.
Just remember your OPSEC and keep at least 3 backups.
I also recommend encrypting the backups of the KeePass vault with a kind of multisig encryption where all pieces are required to decrypt the database file, with the final piece being committed to memory. You can hide these pieces in images or something similar or give them to trusted people. I will not share my method.
This way even if my distributed pieces are somehow compromised, the final piece required to gain access to my already encrypted password database (with master password) is safe with me.
It is similar to the method Snowden used to secure the files he gained access to before sharing them with the world.
In the event of a kidnapping or torture of you or your loved ones, you could be forced to give up your password, so I also have a contingency plan for that, but that is a secret, and I will keep that to myself.
Published at 2024-08-06 02:17:40
Event JSON
{
"id": "aba0f22b89d02ab2205529a19b62cbc797712590bfb35ba4aa2e68df37c73ee5",
"pubkey": "4eb88310d6b4ed95c6d66a395b3d3cf559b85faec8f7691dafd405a92e055d6d",
"created_at": 1722910660,
"kind": 1,
"tags": [
[
"e",
"de05ab02f62a511b838b25fdaa52614d7a3ac0b66b2f073aab8ab8370a9a3392",
"",
"root"
],
[
"e",
"21a6b7664060b982c35a2c878402f1a978e44b5d342aa33b394213e6fe21669f",
"",
"reply"
],
[
"p",
"fe7f6bc6f7338b76bbf80db402ade65953e20b2f23e66e898204b63cc42539a3"
],
[
"p",
"4eb88310d6b4ed95c6d66a395b3d3cf559b85faec8f7691dafd405a92e055d6d"
],
[
"p",
"72f9755501e1a4464f7277d86120f67e7f7ec3a84ef6813cc7606bf5e0870ff3"
],
[
"monero",
"87uZCgDpcYajfxm1HhC7wPC2SXWqYg13nW7P7LdbBdpdVKnTJioYNLXJ9xXD7wQWS1MWkPH4HLcVwQjh48NDWhqsFgDuass",
"1.0"
]
],
"content": "If it's mission critical, I use Keepass since it's device only and not in the cloud. There is always a risk with cloud based anything, but I also use and recommend cloud based password managers like Bitwarden and Proton Pass. \n\nIt is the classic story of convenience vs privacy, so whether or not you decide to put credit card info in your PWM is dependent on your threat model and risk tolerance. If you use a strong master password with lots of entropy, you are likely going to be okay.\n\nThe risk for most people of hackers making off with an encrypted password database from the cloud and it later being cracked with something like a quantum computer is far less than them not using a password manager to create unique, high entropy passwords for every login.\n\nPersonally, I am ok with cloud-based PWMs for most things. Though, there are certain passwords and information that I only keep in an air-gapped qube on Qubes. I also keep my cloud based PWM recovery phrase and 2FA app recovery phrase in the air-gapped Keepass vault.\n\nJust remember your OPSEC and keep at least 3 backups. \n\nI also recommend encrypting the backups of the KeePass vault with a kind of multisig encryption where all pieces are required to unencrypt the database file, with the final piece being committed to memory. You can hide these pieces in images or something similar or give them to trusted people. I will not share my method.\n\nThis way even if my distributed pieces are somehow compromised, the final piece required to gain access to my already encrypted password database (with master password) is safe with me.\n\nIt is similar to the method Snowden used to secure the files he gained access to before sharing them with the world.\n\nIn the event of a kidnapping or torture of you, or your loved ones, you could be forced to give up your password, so I also have a contingency plan for that, but that is a secret, and I will keep that to myself.",
"sig": "dbaec2cba4070b187997a52ee8e3d971ca50b79288d6a09d539573cf3f4be39c09bca84cfd51315eb1968da11cf5a35e72d57d4b018ea24e527f26b9c33db381"
}
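The post describes an all-or-nothing split of the vault backup's key, with every stored piece required and one final piece held only in memory, but the author explicitly does not share their method. The following is an added example, not Ava's scheme and not KeePass project code, showing the generic construction that matches that description: n-of-n XOR secret splitting of a random secret (assumed here to be the contents of a KeePass key file that, together with the master password, forms the composite key) where the last share is derived from a memorised passphrase through PBKDF2. The names `split_secret`, `recover_secret`, `memorised_share`, the iteration count and the sample key, salt and passphrase are all assumptions for illustration. Standard library only, so it runs offline.

```python
"""Added example: n-of-n XOR secret splitting with one memorised share.

Not the Nostr author's undisclosed method; an illustrative stdlib-only
implementation of "all pieces required, final piece in your head".
"""
import hashlib
import secrets

# Assumption: PBKDF2-HMAC-SHA256 work factor. Tune to the hardware you
# will actually recover on; the memorised phrase is the weakest piece.
KDF_ITERATIONS = 600_000


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR of two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("share length mismatch")
    return bytes(x ^ y for x, y in zip(a, b))


def memorised_share(passphrase: str, salt: bytes, length: int) -> bytes:
    """The piece that lives only in memory, stretched with PBKDF2 so that an
    attacker holding every stored share still has to brute-force the phrase.
    The salt is not secret and is stored next to the shares."""
    return hashlib.pbkdf2_hmac(
        "sha256", passphrase.encode("utf-8"), salt, KDF_ITERATIONS, dklen=length
    )


def split_secret(secret: bytes, n_stored: int, passphrase: str, salt: bytes):
    """Split `secret` into `n_stored` shares such that

        secret == XOR(all stored shares) XOR memorised_share(passphrase)

    Every share is required. Any proper subset of the stored shares is
    uniformly random and independent of the secret, so a leaked share
    (hidden in an image, held by a friend) reveals nothing on its own.
    """
    if n_stored < 1:
        raise ValueError("need at least one stored share")
    if not secret:
        raise ValueError("empty secret")
    shares = [secrets.token_bytes(len(secret)) for _ in range(n_stored - 1)]
    # Last stored share absorbs the secret, the random shares and the
    # memorised piece so that XOR-ing everything back together cancels out.
    last = xor_bytes(memorised_share(passphrase, salt, len(secret)), secret)
    for share in shares:
        last = xor_bytes(last, share)
    shares.append(last)
    return shares


def recover_secret(shares, passphrase: str, salt: bytes) -> bytes:
    """Recombine the stored shares with the memorised piece.

    A wrong phrase or a missing share does not raise; it yields bytes that
    are indistinguishable from random. The only oracle is whether the vault
    opens with the result, which is deliberate: storing a hash of the key
    for convenience would hand an attacker an offline guessing target for
    the passphrase.
    """
    if not shares:
        raise ValueError("no shares supplied")
    acc = memorised_share(passphrase, salt, len(shares[0]))
    for share in shares:
        acc = xor_bytes(acc, share)
    return acc


def demo():
    """Constructed sample run: a fresh 32-byte key file secret split three ways."""
    key_file_secret = secrets.token_bytes(32)  # constructed sample secret
    salt = secrets.token_bytes(16)             # stored in the clear with the shares
    phrase = "correct horse battery staple"    # constructed sample passphrase
    shares = split_secret(key_file_secret, 3, phrase, salt)
    ok = recover_secret(shares, phrase, salt) == key_file_secret
    partial = recover_secret(shares[:-1], phrase, salt) == key_file_secret
    return ok, partial  # expected (True, False)


if __name__ == "__main__":
    print(demo())
```

Two caveats a practitioner should weigh against the post's "keep at least 3 backups". An n-of-n split trades availability for secrecy: lose any one stored share, or forget the phrase, and the backup is gone, so each of the three backups needs its own complete set of shares. If loss tolerance matters more, a k-of-n threshold scheme such as Shamir's secret sharing lets any k shares reconstruct, at the cost that k leaked shares also suffice. And once every stored share is in an attacker's hands, the security of the whole construction collapses to the entropy of the memorised phrase times the KDF cost, which is why the phrase must be long and the work factor high.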