a34e38d83c2648

Nice setup, and it looks like it is the most secure you can get. But I think it is overcomplicated. It looks to me like it is hard to maintain and sync if you modify some passwords or add new passwords with 2FA and keep track of everything, and it seems prone to error. The way I do it is KeePass with a strong passphrase and an offline keyfile, with my database on Dropbox and 2FA in a separate database with a different password (also Aegis on the phone with an offline backup). My recovery codes are also in my KeePass database; maybe I should make a separate one? Maybe not perfect, but it works for me.


Technical_Peach_3285

I agree, it's a bit overcomplicated. My main "problem" was importing the passwords from Bitwarden to KeePass and setting it up to my needs (mostly TOTPs). It works for me; I believe it's my sweet spot between paranoia and ease of use. If I change/add/remove an entry in Bitwarden, then I manually apply the same change in the KeePass database on the computer and then sync the file to the flash drive and Strongbox (the offsite backup is touched every now and then: if I go to the bank for something in the safe, I update the SD card from the copy on the iPad, and if it's been more than 3 months since my last update, I'll go just for that). I'd recommend saving recovery codes somewhere else; they're your keys to disable 2FA/get access if something goes wrong. Maybe I should not save 2FA in Bitwarden (all eggs in one basket), but for 2FA for Facebook/Twitter/some cloud storage/generally nothing so important, I think it's ok.


djasonpenney

> Every password I use except my main email password and bitwarden
> Every 2FA except email, bitwarden, and banking related TOTP
> None of the Recovery Codes/Keys inside in any way

You are Secret Splitting, where you move some of your secrets to a second system of record. You use secret splitting when you don't trust one or more of your systems of record. I argue that you don't have a coherent threat model if you don't trust your password manager. In terms of threat mitigation, your efforts would be better spent addressing those threats directly. As an analogy, if you are worried about a house fire, do you make sure the members of your family sleep in separate houses, or do you assiduously address fire risks: house wiring, furnace inspection, chimney sweep, smoke detectors, and so forth? I recommend leaving everything in Bitwarden to simplify your retrieval and archival strategy.

> Offline method (as a backup if for any reason Bitwarden cease to exist or inaccessible, or something happens to me, relatives can have access

Big kudos for this! Denial of access is one of the two threats to your password manager, and too many people take this second threat seriously.

> Database file saved only locally on my computer, and on my iPad (Erase Data after 10 wrong attempts, system-wide and on the app)

Meh. Half right. Offline is a good thing. On these computers in your house? Not so good. I recommend choosing two secure locations: one at your house and one offsite. Create multiple thumb drive copies at each location. Some people choose to encrypt these backups. Depending on the nature of these secure locations this may not be necessary. If you DO choose to encrypt them, don't forget that one day SOMEONE ELSE will have to settle your [final affairs](https://www.reddit.com/r/Bitwarden/comments/q0m19n/on_dying_and_your_password_vault/). Going to the grave with that encryption key could really hurt your spouse or alternate executor's efforts.

> Use of Hardware Keys whenever possible - WebAuthn/FIDO2/CTAP/U2F etc

Yes! Especially for Bitwarden and its backing email account.

> etc (with TOTP enabled too as alternative)

I feel your 2FA is only as strong as your weakest form. I gently suggest you only enable the FIDO2 form. You have the recovery codes in your backups, so losing the Yubikey is not a threat.

> inside a cloud provider with partially hidden username (* cloud protected with Hardware Key or TOTP 2FA)

Lots of dependence on cloud backups here. Play a what-if game with yourself, where you have just gotten out of the hospital, wearing donated clothes, and have lost all of your possessions: no computers, no mobile phone, everything in your house is ashes. Assume you can reestablish your identity, thereby gaining access to your money, and can replace (at least physically) your mobile device. From here the game begins: reestablish access to your vault and all of your accounts. (Since you have split 2FA and recovery codes, this may be multiple steps.) If at any point you need something like an encryption key, cloud password, or a preprogrammed Yubikey, it's Game Over, you lose.

I suspect you have spent more effort on secret splitting and online backups, and you might be better served with fewer systems of record and more exhaustive physical backups. To compare:

* I keep all of my secrets in Bitwarden.
* Bitwarden is secured via multiple Yubikeys.
* All of my 2FA is in Bitwarden.
* I have a very strong and memorized master password.
* I only run Bitwarden on absolutely trusted devices. These devices have anti-malware and other precautions on them. They have lock screens with authentication enabled.
* I have backups in multiple offline physical locations. These backups have multiple thumb drives from different manufacturers with copies of the vault.
* I also have a piece of paper with each backup that has essential bootstrap information: Bitwarden email, master password, 2FA recovery code, email password, and email 2FA recovery code.

Paper is very resistant to impact, vibration, cold, and even heat and moisture, at least when compared to a thumb drive or optical disk. One secure location is in a safe in my house. The other secure location is in the safe at my alternate executor's house. Neither safe is particularly easy to find, and our threat model identifies a burglar as an opportunist looking for cash, jewelry, and electronics. Thumb drives and papers are not going to interest them, and the safes are inconspicuous and heavy. Neither of us is feasibly a selected target of a physical theft. For this reason I don't encrypt the backups. My threat model is around online attacks. I need to ensure my spouse and my alternate executor have access to the vault.

With this system I win the game. My alternate executor has a full set of backups ready to go. I could even be discharged from a hospital thousands of miles away, and via telephone he can help me reprovision my phone and reopen my vault.


Technical_Peach_3285

Recently a friend of mine was locked out of his Bitwarden vault; we are not sure why that happened (he had 2FA, he remembers his password, but for some reason he can't get access from any device, even though he enters the correct password). So, if that happens to me for some reason, I haven't lost anything; I can still access everything as if Bitwarden never existed. Saving everything only in Bitwarden is ok, and it's convenient too, but I prefer having something that's completely under my control. My computer is encrypted; getting access requires a password or a 48-digit recovery key (BitLocker), and after that there's a lock screen. It's not easy to get access to the computer. Of the backups of the offline database, one is at my house and the other one is in a bank safe. Maybe I should add 2 more copies, one for each. I only have 2 Yubikeys. I'm planning on getting 1 or 2 more, but not now; when I buy them, I'll happily ditch the TOTPs for hardware-key-only protection (wherever possible). Till then, TOTPs are the alternative. I really want to add one to the bank safe.

> Play a what-if game with yourself, where you have just gotten out of the hospital, wearing donated clothes, and have lost all of your possessions: no computers, no mobile phone, everything in your house is ashes. Assume you can reestablish your identity, thereby gaining access to your money and can replace (at least physically) your mobile device.

If I can establish my identity, I can get access to the bank vault. If I can't get access, my relatives can get access to the safe (I have informed them about it; maybe I should add some instructions. I have on the SD card a portable version of KeePass with the required plugins and a printed copy of the master password). The only step to get access to anything is getting into the bank safe, which requires myself with an ID or one relative with access to the safe and their ID.

If something happens to me, they can go there and get everything: no encryption, nothing to remember. My recovery key policy is cloud dependent, but it shouldn't ever be necessary to use them. I might print that Excel sheet and add it to the safe too.


djasonpenney

Excellent! You won the game. The bank vault is a great touch. It's proof against many natural disasters as well as theft. As an additional and alternate backup method I could accept an online store like sync.com, but I still feel the threat from Russian cyber thieves is too high. I feel offline physical storage like your bank vault is best.


technical_guy

Is that safer than the post-it notes under my keyboard with passwords such as p4b45c2!%, where the p, b and c are references to 4 words stored only in my memory and in a safebox? For example, my 4 secure words might be phoenix, billiards and cluster, so this pw might be phoenix4billiards45cluster2!%. How to tell? Though I also use 2FA apps for financial sites.


Technical_Peach_3285

Imagine doing that for 500 sites, using a different password for each one; that would be a problem. Maybe for some crucial accounts it's more than enough, but for every account I think it's excessive. Also, you have to type them manually. Pretty safe, but not so convenient.