If you're afraid to experiment with using a or in case you end up getting it wrong and losing access to all the things (I am), how about doing the counter-intuitive thing and starting with using it only for the stuff that doesn't really matter: all the burner accounts you create only to comment on blogs and forums on whatever. After a few days/weeks/months of creeping up the learning curve and making noob mistakes, you can slowly include your more mission-critical stuff.

@strypey This is a really good idea! I got over a lot of the initial stress by exporting the database onto a new flash drive and storing that with my identity documents, but I really like the idea of working with low risk stuff first.

@feonixrift I figure if I start by putting passwords I can recover using my email address into the password manager, it doesn't improve my security much, but it does provide a sandbox for learning how to use the PM safely. Maybe I can try out a few different PMs while transitioning between them is still low risk.

@strypey :) I honestly think this is brilliant .. and being able to pull back out stuff I used once a year ago reliably is one of the things having a password manager has allowed me to do that I never would have been able to do without it. There is still some improvement to your security as well, since it makes using unique passwords easier, and an attacker can more trivially try reused passwords than interfere with an email-based password recovery flow.

@strypey it's always the simplest ideas that are hardest to come up with...

Any recommendations for a pw manager??

Also grrr @ android for autocorrecting to PwC :(

@float13 Hey @wolftune what was that password manager you recommended again?

@strypey @float13

works great, and has superb Firefox integration plugin too, I haven't used Android accessory app from F-Droid but that's a thing also

@wolftune @strypey

Thanks! I think I looked at Keepass a while back and stopped at Windows Only - I didn't know there were cross platform versions too.

@float13 looks like 1.0 was Windows only. While 2.0 is a total rewrite:

2.0 is cross-platform using , which means it's written in C#. That seems an odd choice, and reveals its Windows origins, but @wolftune adopted it on the advice of someone who seems to know his tech security pretty well, so ...

@strypey @float13

There's various history and forks. I went through the same hesitation and wonders. Then someone who really knows set me straight and I've never regretted it or revisited the mess.

KeepassXC is the way to go, don't bother with the other versions (Keepass 2, KeepassX, etc). Just go with KeepassXC and be happy

@strypey When I enabled 2FA (software or hardware), I was offered a set of recovery codes at the same time. Could print out and put in a safe place. (Can't remember if all sites did this).

I'm using bitwarden for the PW manager. It also can generate passwords.

@strypey nice suggestion! Maybe I'll go with that. It's mainly one-off sites for which I end up constantly resetting passwords anyway 🔒🤔

Mastodon - NZOSS