What are your strategies to secure your password databases /g/?
I'm looking to finally start using a password manager, but securely backing up my db slightly worries me. Is keeping one backup on a secure external drive and one on a flash drive that I will carry on me at all times a sufficient strategy?
I don't have the luxury of something like a fireproof safe or something as my absolute backup strategy.
Also what about using my logins on my phone? Just regularly sync a copy of my db and use a kpx android port or something for that?
Also is a diceware password really alright for the master password? I know the wiki recommends it but I just want to ask if there are any significant downsides before I commit.
>>56305361
Are you aware that lastpass solves all of those problems for you and is way more convenient?
Whatever extra risks you might come up with about storing encrypted copies on external servers, backing up only locally by yourself is way more risky. Because of fires, burglaries and whatnot, just like you yourself pointed out.
And yes, diceware is great. Have your master pw be at least over 25 chars long, and you may also spice up the diceword results by throwing in random characters and misspelling words.
>>56305361
>keepassx
>Copy/paste passwords
>websites read your clipboard
>>56305414
Doesn't Lastpass require a premium subscription for syncing? I know it's $1 a month but the idea of leaving a long term paper trail isn't appealing to me.
>>56305450
So what then? Keepass? Or Lastpass like the other anon suggested?
Don't worry OP. You can use the recovery password sent unencrypted to email on many websites if you lose it.
>>56305450
Actually it auto types then
>>56305534
>Doesn't Lastpass require a premium subscription for syncing? I know it's $1 a month but the idea of leaving a long term paper trail isn't appealing to me.
I think it's paid for the mobile device sync only. Do you have other ideas for syncing your mobile? If so I'd like to hear them too.
>>56305596
Some keyloggers might still intercept the data, even though keepass uses some kind of protection against that too.
>>56305613
>Do you have other ideas for syncing your mobile? If so I'd like to hear them too.
I don't really want to do it over one of my own cloud accounts either. If it spits out a db file which I can use with the android app version by manually copying it over from my PC to my phone periodically, I could learn to live with that.
>>56305414
my password is all that and multiple languages
>>56305661
then it's a great password anon :3
>>56305712
My password is drowssap123
>>56305638
But how is it different from typing it manually then?
>>56305735
That doesn't sound very safe at all! Good luck
>>56305755
Well essentially it's not. Gotta have some way to get it into the input field. Lastpass still at least uses some sort of trickery that makes it fool regular keyloggers.
Anyone here use Encryptr from Spideroak?
##(code numbers in name)+@+Codeword+code number in name again+username
yea, I'm a fucking autist
>>56305891
https://spideroak.com/solutions/encryptr
On the subject of keepass, is there an addon for firefox? I looked at keefox and it was terrible.
>>56305928
I'm not sure if I really trust 'open source' add-ons, android apps, iOS apps, forks, portable apps etc.
>>56305954
You trust closed source more?
>>56305638
If you got malware, all your passwords are already fucked
>>56306194
No. Just something stable and audited. The less forks there are, the better the main product will be. Just because it's FOSS doesn't mean it's secure, ain't nobody got time to check every single 'app'.
>>56306247
Of course, but on the other hand if something is closed source then we can only assume it is insecure.