DEV Community

Discussion on: My migration from keepassxc to pass (password store)

Tari R. Alfaro • Edited

I honestly prefer to stick to KeePassXC. While you're still secure using your method, you're essentially putting all of your eggs in one basket. I mean, you already are by the "one password for all your passwords" kinda thing.

However, if you want to be more secure, you need to isolate things. Of course, the whole point of a password manager is to provide some convenience by using one passphrase (the only one you have to remember) to encrypt your secure, randomly generated passwords, and it does.

But you're also using PGP to sign GitHub commits (or maybe you don't do that) or encrypting messages and signing them as well. I still recommend using KeePassXC over PGP because:

  1. The algorithm. Argon2 is very good these days.

  2. It can be a lot more secure (at least in my mind) with all the settings you can set.

  3. If you want more convenience, you can integrate it into your browser of choice. (Although I recommend not doing so if you're paranoid.)

So, generally you want to separate your baskets. PGP for communication. KeePassXC for credentials. AndOTP for OTP.

To take over your entire digital life, someone would need your passphrase, key file or both to gain access to your KeePassXC database. Then they also have to get your passphrase for your AndOTP backups. And to break your communications they would have to get your PGP keys.

With all of which I'm saying that you're still possibly secure doing this. But putting everything in one basket is a bit dangerous.

It's all about how much convenience you're willing to gain by taking away security.

But hey! Great article.
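The comment above makes two points that are easier to see in code: the database is only as good as the key-stretching settings behind the passphrase, and adding a key file means an attacker needs both factors, not just a guessed passphrase. The following is an added example, not code from the commenter, from KeePassXC, or from pass. It models the shape of a composite key (hash each factor, hash the concatenation) and then stretches it with a memory-hard KDF; the exact construction is an assumption for illustration, not a reproduction of the KDBX format. Because the Python standard library does not ship Argon2, `hashlib.scrypt` stands in for it here. All sample values (passphrase, key-file bytes, salt) are constructed.

```python
import hashlib
import hmac
import time
from typing import Optional

# Constructed sample inputs for this example; not real secrets.
SAMPLE_PASSPHRASE = "correct horse battery staple"
SAMPLE_KEY_FILE = bytes(range(64))   # stands in for a random 64-byte key file
SAMPLE_SALT = b"\x01" * 32           # a real database stores a random salt; fixed here for reproducibility

# scrypt cost parameters. KeePassXC uses Argon2, which the standard library
# lacks, so scrypt (also memory-hard) is the stand-in KDF in this example.
SCRYPT_N = 2 ** 14
SCRYPT_R = 8
SCRYPT_P = 1


def composite_key(passphrase: Optional[str], key_file: Optional[bytes]) -> bytes:
    """Fold every unlock factor the user supplied into one 32-byte value.

    Assumed construction: hash each factor separately, then hash the
    concatenation, so dropping or altering either factor changes the result.
    """
    if passphrase is None and key_file is None:
        raise ValueError("at least one unlock factor is required")
    parts = b""
    if passphrase is not None:
        parts += hashlib.sha256(passphrase.encode("utf-8")).digest()
    if key_file is not None:
        parts += hashlib.sha256(key_file).digest()
    return hashlib.sha256(parts).digest()


def derive_database_key(composite: bytes, salt: bytes,
                        n: int = SCRYPT_N, r: int = SCRYPT_R, p: int = SCRYPT_P) -> bytes:
    """Stretch the composite key with a memory-hard KDF.

    The cost settings are what make each attacker guess expensive; raising n
    raises both the time and the memory needed per guess.
    """
    return hashlib.scrypt(composite, salt=salt, n=n, r=r, p=p,
                          maxmem=128 * 1024 * 1024, dklen=32)


def unlock(passphrase: Optional[str], key_file: Optional[bytes],
           salt: bytes, expected_key: bytes) -> bool:
    """Recompute the key from the offered factors and compare in constant time."""
    try:
        candidate = derive_database_key(composite_key(passphrase, key_file), salt)
    except ValueError:
        return False
    return hmac.compare_digest(candidate, expected_key)


def seconds_per_guess(n: int, r: int = SCRYPT_R, p: int = SCRYPT_P, samples: int = 3) -> float:
    """Time one KDF evaluation at a given cost so the effect of the setting is visible."""
    composite = composite_key("timing-only", None)
    start = time.perf_counter()
    for _ in range(samples):
        derive_database_key(composite, SAMPLE_SALT, n=n, r=r, p=p)
    return (time.perf_counter() - start) / samples


if __name__ == "__main__":
    key = derive_database_key(composite_key(SAMPLE_PASSPHRASE, SAMPLE_KEY_FILE), SAMPLE_SALT)
    print("both factors:    ", unlock(SAMPLE_PASSPHRASE, SAMPLE_KEY_FILE, SAMPLE_SALT, key))
    print("passphrase only: ", unlock(SAMPLE_PASSPHRASE, None, SAMPLE_SALT, key))
    print("key file only:   ", unlock(None, SAMPLE_KEY_FILE, SAMPLE_SALT, key))
    for n in (2 ** 14, 2 ** 16):
        print(f"scrypt n={n}: {seconds_per_guess(n):.4f} s per guess")
```

Running it shows that a correct passphrase without the key file (or the reverse) never unlocks, and that the per-guess time grows with the cost parameter, which is the practical meaning of "all the settings you can set": the attacker's cost per guess is a number the database owner chooses.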

Marcelo Andrade R.

Thanks for your insight. Well, I'm not that paranoid; I don't use PGP too much, so it will be just for encrypting passwords. Like everything in life, it all comes down to the trade-offs, and for my use case they are OK.