I changed my master passwords (and thoughts)

Pacharapol Withayasakpunt

The trick is to use TWO password managers:

  • The first one is server-based Bitwarden
  • The second one is file-based KeePassDX, with a passphrase generator (actually, I tweaked this myself)

Then, use the passphrase generator in the second password manager, BUT DON'T use its output directly.

Instead, modify the passphrase, or make variations to your liking, so that it is more memorable and funny. (Then store all master password variations.)

I do have a question, though.

How long should a MASTER password that you type in (not copy) often be?

The next step is probably generating PINs; these are also highly reused.
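As an added example (not part of the original post, and not KeePassDX's own generator), the sketch below picks passphrase words with a CSPRNG and works out how many words a given strength requires, which is one way to approach the length question above. The 16-word list is constructed for the demo, and the 80-bit target is an assumed figure, not one from the post.

```python
import math
import secrets

# Constructed 16-word sample list so the block runs offline. Real generators
# use far larger lists; the EFF long list, for instance, has 7776 words.
SAMPLE_WORDS = [
    "apple", "brick", "cloud", "delta", "eagle", "flame", "grape", "honey",
    "ivory", "jelly", "koala", "lemon", "mango", "noble", "ocean", "piano",
]


def entropy_bits(n_words: int, wordlist_size: int) -> float:
    """Entropy of n_words drawn uniformly and independently from the list."""
    return n_words * math.log2(wordlist_size)


def words_needed(target_bits: float, wordlist_size: int) -> int:
    """Smallest word count whose entropy reaches target_bits."""
    if wordlist_size < 2:
        raise ValueError("wordlist needs at least two entries")
    return math.ceil(target_bits / math.log2(wordlist_size))


def generate_passphrase(n_words: int, wordlist=SAMPLE_WORDS, sep: str = "-") -> str:
    """Pick words with the OS CSPRNG (secrets), never the random module."""
    if len(set(wordlist)) != len(wordlist):
        raise ValueError("duplicate words lower the real entropy")
    return sep.join(secrets.choice(wordlist) for _ in range(n_words))


if __name__ == "__main__":
    target = 80  # assumed target strength in bits, not a figure from the post
    for size in (len(SAMPLE_WORDS), 7776):
        n = words_needed(target, size)
        print(f"{size}-word list: {n} words = {entropy_bits(n, size):.1f} bits")
    phrase = generate_passphrase(words_needed(target, len(SAMPLE_WORDS)))
    print(f"sample ({len(phrase)} characters to type): {phrase}")
```

The estimate counts only the randomly chosen words; hand-made variations add an amount that cannot be measured, so size the passphrase on the generated part alone.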

Discussion (7)

Ben Sinclair

You're saying, use KeePass' password generator but store the passwords in Bitwarden?

Why would you do that? What problem are you trying to solve?

Pacharapol Withayasakpunt Author

You can't store the master password for logging into that password manager in that pass man.

And you don't want to be locked out of the password man.

Ben Sinclair

Now you have two points of attack.

Pacharapol Withayasakpunt Author • Edited

Getting your hands on *.kdbx won't be easy, unless you really compromised my machine.

Don't know about cloud password store, though. I do have 2FA, and email notifications, but I don't truly trust....

Pacharapol Withayasakpunt Author

I also believe that a stronger master password is required for server-based pass man; stronger than file-based pass man.

Ben Sinclair

Cloud-based password managers generally support 2FA. If you're prepared to use a "strong" password for one thing, why not another? What I mean is that even if you believe one needs a strong password, why not use a strong password for both?

Pacharapol Withayasakpunt Author • Edited

It takes energy to truly remember any new master password, though. I will update the master for KeePass later, not now.