At this time I store them in my password manager (keepass) but I get what you’re saying. You’d only need the recovery key if you lost access to your password.
i have a contact book with important people’s phone numbers, addresses, and birthdays. i figured i’ll never fill it out so i have some important ssh keys and my backup codes in the back, working the opposite way of “standard” writing.
My passwords are storaged in a book and encrypted through single tags related to my personal life written in japanese .
If I forgive my passwords i just need to guess them. There’s no way someone can hack a book, know my personal life and be able to read japanese simultaneously.
also, this contact book looks exactly like the other 90123570 journals i have, with one discernible characteristic if you look close enough. it feels safe hanging out with the other journals. hiding in plain sight, i suppose.
This probably shouldn’t be your primary storage, but for an easy and reasonably reliable backup, set up LUKS or Veracrypt encryption on a good, brand name flash drive or SD card and store all your passwords and keys/codes there. You can get almost any password manager to give you a CSV or txt file with all the data in your account. Put the drive somewhere safe and out of the way, not plugged in anywhere.
I use KeePass (+ syncthing to sync with my phone) to manage all my passwords, 2FA, Recovery codes & additional info… etc
I would recommend it (or even a selfhosted version of BitWarden). But if you do not like that solution you could always create an encrypted container like a tomb or a veracrypt one.
I really like tombs for storing things, but is GNU/Linux only so if you need to use it on other systems…
For anyone interested, there’s also gopass: https://www.gopass.pw/ - pass written in go, with some pretty neat improvements, and compatibility with apps that interface with pass.
encrypted database for passwords protected with a strong passphrase
encrypted database for TOTP protected with a strong passphrase
Recovery codes printed stored in a physical location
edit: If you store both passwords and recovery codes in the same database, it wouldn’t be 2FA anymore. If your database was compromised, a malicious actor would have directly access to your accounts due to avoiding 2FA since it could easily use recovery codes.
I have a password + usb key to unlock my passwords. So… in some way it stills some kind of 2FA?
(obviously not as secure, but way better than having them on plaintext. I will also plan to make a paper backup of all)
At this time I store them in my password manager (keepass) but I get what you’re saying. You’d only need the recovery key if you lost access to your password.
Something to improve for sure.
i have a contact book with important people’s phone numbers, addresses, and birthdays. i figured i’ll never fill it out so i have some important ssh keys and my backup codes in the back, working the opposite way of “standard” writing.
My passwords are storaged in a book and encrypted through single tags related to my personal life written in japanese .
If I forgive my passwords i just need to guess them. There’s no way someone can hack a book, know my personal life and be able to read japanese simultaneously.
also, this contact book looks exactly like the other 90123570 journals i have, with one discernible characteristic if you look close enough. it feels safe hanging out with the other journals. hiding in plain sight, i suppose.
You can print them out I guess
Nice try
deleted by creator
trying to get me to reveal where I store my secrets =P
I use my password manager as less room for error
In my mind, the one place that can’t be easily compromised… yet.
If you choose the physical approach to print them out on paper, a good hiding place would be an inconspicuous-looking book in your bookshelf
deleted by creator
This probably shouldn’t be your primary storage, but for an easy and reasonably reliable backup, set up LUKS or Veracrypt encryption on a good, brand name flash drive or SD card and store all your passwords and keys/codes there. You can get almost any password manager to give you a CSV or txt file with all the data in your account. Put the drive somewhere safe and out of the way, not plugged in anywhere.
deleted by creator
Imo thats the most comfortable solution. Just be sure to keep multiple such backups (ideally at different locations) and check them regularly.
I use KeePass (+ syncthing to sync with my phone) to manage all my passwords, 2FA, Recovery codes & additional info… etc
I would recommend it (or even a selfhosted version of BitWarden). But if you do not like that solution you could always create an encrypted container like a tomb or a veracrypt one. I really like tombs for storing things, but is GNU/Linux only so if you need to use it on other systems…
deleted by creator
Really well! I want to try to sync out things with git too. But I would recommend it to anyone bc is dead simple.
Well, a self-hosted version of the API compatible Bitwarden clone because official one only supports MicroSoft SQL Server.
Pass + git could be a cool minimalist one
For anyone interested, there’s also gopass: https://www.gopass.pw/ - pass written in go, with some pretty neat improvements, and compatibility with apps that interface with pass.
Oh, it seams pretty neat! I will give it a try
edit: If you store both passwords and recovery codes in the same database, it wouldn’t be 2FA anymore. If your database was compromised, a malicious actor would have directly access to your accounts due to avoiding 2FA since it could easily use recovery codes.
I have a password + usb key to unlock my passwords. So… in some way it stills some kind of 2FA? (obviously not as secure, but way better than having them on plaintext. I will also plan to make a paper backup of all)
Another password manager
deleted by creator
Why? That’s what a password manager is made for. You might as well just not use one if you’re afraid it could be compromised.
deleted by creator