What are your emergency plans for your password manager?
I was just thinking about my password manager and use of 2FA. If I lost my phone or what if I get in some accident and have amnesia and cannot remember my master password. What would I do?
Any thoughts on solutions to the problem of losing your phone or some emergency medical condition?
I keep all mine in a Keepass file across multiple USB drives that get updated about once a month. Wife has one, one lives at my mothers house, and I keep one on me - at all times airgapped so no risk to have them exfiltrated either. Keepass has some plugins in order to support 2FA as well. This keeps me using unique passwords everywhere, TOTP codes easily accessible, wife can get access to something if she needs; she knows my master password scheme - but is not really a technophile so she doesn’t really want to mess with it unless she has to.
Keepass 2 also has an emergency sheet you can print as well to hide in a safe. It has all of your passwords and master passwords too. Keep another one offsite (plus USB stick with kbdx file) and you’ll be good.
“Keepass2” seems like it’s an Android app. I will never store my passwords on a device which is literally designed to steal your data. Granted, it’s probably still a million times better than trying to trust someone like Lastpass, but I’m paranoid.
Keepass 2 is an open source software for desktop that was ported to Android and iOS. Frankly both phones and desktops spy on you so much I don’t consider either any more secure.
Android has a Linux kernel that sits on top of another locked down kernel which has full access to everything, in binary blobs that prevent recreation of the environment by you or I from source code. There’s a big difference.
Right now I export it periodically to an encrypted flash drive but I know that isn’t sufficient. I run Vaultwarden and back up all my docker volumes hourly and replicate to S3 nightly.
Theoretically I should be able to recover but I need some off those passwords to do so. Ideally local caching or one of my exports should be sufficient but I haven’t had time to actually test this.
Add comment