Jump to content
biob

Best practices for using a password manager?

Recommended Posts

Hi

Was wondering what the best practices are for using password managers?

1)Which ones would you recommend.

2) Where to store the database.

3) Password or key file?

Share this post


Link to post
Share on other sites

I like KeePass as I get to keep the password file locally so can access it whenever I want and don't have to worry about anyone else securing their systems.

Password or keyfile depends on where you are accessing it, if you are going at it from lots of places then you'll need to use a password or distribute the file widely around.

  • Like 1

Share this post


Link to post
Share on other sites

I’m using keypass at the moment 👍🏻 Application and database are on a usb drive. Logic being the files only accessible when needed 🤔 I only use it on one machine and have no intension of using else where. 

I’ve seen posts where people are storing the database in the cloud, which worries me as it removes a layer of protection(in my eyes).

Share this post


Link to post
Share on other sites

Would you say the key file is a better method or just more convenient?

Share this post


Link to post
Share on other sites

I share the file between a couple of machines and a phone so the file isn't really an option.

And the database file just sits on my normal filesystem but I do have drive encryption as a layer of protection.

Share this post


Link to post
Share on other sites

Yeah and theres  a 99.9999% chance your setup/systems are more secure too 😁 I haven’t even scratched the surface of the security rabbit hole 😂 

Share this post


Link to post
Share on other sites

It's all about risk assessment and working out your threats.

If my machine gets popped while running, the database will be unlocked so password or key file won't make a difference.

If the machine is off, then full disk encryption will be a good first layer of protection and someone grabbing it is likely to be a theif who wants it wiped and resold as quick as possible so done care about my passwords.

Suspended, they would have to get past my login creds but would then have access to the unlocked database.

If they steal the file from where it is shared, then a key file would be best but a strong password should be good enough to protect it.

  • Like 1

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...