by vinay_ys 2008 days ago
It is much better to use a password manager than trying to remember poorly crafted passwords in your head. But also really/truly remember not to really put all your eggs in one proverbial basket.

Password managers are not without dangers:

1. If you forget your master password or secret key (you need both to set up a new device), you are screwed.

2. If the password manager cloud sync service (like 1Password) decides to cancel your account for whatever reason, you are screwed.

3. If the password manager allows silently keeping replicas on devices you don't know about, you are screwed.

4. If your password manager logs your sign-in access patterns along with your IP addresses (even from behind your fancy VPNs), you are screwed.

5. If you are storing your password, your 2FA secret, and your recovery keys - all in the same password manager, you are royally screwed when that password manager is compromised.

6. If you lose your device, or your device gets damaged, etc., and you don't have a copy of your vault, you are screwed.

Remember – supply chain attacks (example: password manager company's office gets hacked, and their signing key gets stolen and a trojan update is delivered to your machine) will happen some day (may have already happened) and all your passwords will be stolen. Just assume that and behave accordingly.


I somewhat recently made my personal disaster recovery plan, and the password manager features prominently in it. If I lose all of my electronic devices in a sudden accident, how can I recover my online life? To address your questions specifically:

1. I used Shamir's secret sharing to send out a copy of my secret key to a few loved ones. The master password is in my memory only. If I forget the master password, I lose.

2. I use 1Password, and they say they make accounts read-only once you stop paying. If they did actively delete my account, my devices have a local copy. If I lose my devices and they delete my account at the same time, I lose.

3. I don't know what you're imagining, but you need the data, secret key, and master password to have this be a concern.

4. This has nothing to do with my threat model, I'm afraid. I can't imagine a world in which knowing my IP address leads to decrypting my password vault.

5. I am and this is correct. If there's a vulnerability in the cryptography used by 1Password, I lose. As you said, if there's a trojan update, I lose.

6. This is the same as 1 and 2.

All things considered, as a regular person who is concerned about protection from thieves and not especially concerned about being a target of governments, I am OK with these risks.

> All things considered, as a regular person who is concerned about protection from thieves and not especially concerned about being a target of governments, I am OK with these risks.

As a regular person, you have to consider these possible attacks on your money/data:

1. Attacker is a person in your life – friend/family/acquaintance – who targeted you specifically. The attack may not be very sophisticated and may be easy to defend against if basic hygiene is followed.

2. Attacker is a remote entity – people who you don't know personally – you were not targeted personally – but you became a target because you are part of a cohort they targeted – nothing personal. Attack of this form can be quite sophisticated.

3. Thief is a govt entity (foreign or domestic) – because you were targeted directly or because you are connected to someone who was targeted directly. More than technical mechanisms, there are legal mechanisms at play here.

#2 is a very big threat. A password manager service company is a very attractive target for them. Imagine the recent SolarWinds Orion supply chain attack being done by an underground cyber criminal group and being chained together to compromise your favorite password manager service stack.

My least-effort solution to most of these issues is to store hard copies of the password to my primary email in different places and to use 2FA.

Then if my password manager does get nuked or compromised, I can "restore" my accounts by using the "forgotten password" feature for most places. If I get trojaned, what are they really going to do with my accounts? The majority of things of importance are behind 2FA anyway, and I'm not a public enough figure that any of my data that isn't is of any importance anyway.

How did you encode messages for (1)? Did you provide instructions? Did you keep a copy?

There's a ton of online sites for it. I used something custom, but the first result on Google seems like it would work just fine. https://iancoleman.io/shamir/

I kept a copy of the combined secret... it's the secret key to my password manager. I do have a plain-text document that fully describes the steps to restore my identity, but it's addressed to myself. My goal is to get my own identity back, not to prepare for my own death.
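The splitting scheme the comments above describe (a secret key split into shares handed to a few people, any threshold number of which recover it) is Shamir's secret sharing. The following is an added example written for this page; it is not code from any commenter, from 1Password, or from the linked site. It works in the prime field GF(2^521 - 1) so a secret of up to 64 bytes fits in a single share, and the sample secret is a constructed string, not a real key. Two properties worth seeing in running code: any `threshold` shares reconstruct the secret exactly, and fewer than `threshold` shares yield a uniformly random value, not a partial secret, so a single lost or leaked share reveals nothing. The scheme also has no built-in integrity check, so each share must be stored with its `x` index, the threshold and the field used, or recovery becomes guesswork.

```python
import secrets
from typing import List, Tuple

# Mersenne prime 2^521 - 1. Any payload of at most 65 bytes (1 length byte +
# 64 secret bytes) is a field element below this modulus.
PRIME = (1 << 521) - 1
MAX_SECRET_LEN = 64

Share = Tuple[int, int]  # (x, y) with y = f(x) mod PRIME


def _eval_poly(coeffs: List[int], x: int) -> int:
    """Evaluate f(x) = coeffs[0] + coeffs[1]*x + ... mod PRIME (Horner's rule)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc


def split_secret(secret: bytes, threshold: int, num_shares: int) -> List[Share]:
    """Split `secret` into `num_shares` shares; any `threshold` of them recover it."""
    if not 1 < threshold <= num_shares:
        raise ValueError("need 1 < threshold <= num_shares")
    if not 0 < len(secret) <= MAX_SECRET_LEN:
        raise ValueError(f"secret must be 1..{MAX_SECRET_LEN} bytes")
    # Length prefix lets recovery strip the field element's zero padding.
    payload = bytes([len(secret)]) + secret
    s = int.from_bytes(payload, "big")
    # f(0) = secret; the remaining threshold-1 coefficients are random, so any
    # set of fewer than `threshold` points is consistent with every possible f(0).
    coeffs = [s] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, num_shares + 1)]


def recover_secret(shares: List[Share]) -> bytes:
    """Lagrange-interpolate f(0) from the given shares and decode the payload.

    With fewer shares than the threshold this returns random bytes, not an
    error: Shamir's scheme carries no integrity check of its own.
    """
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share index")
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    raw = total.to_bytes(66, "big").lstrip(b"\x00")  # 521 bits -> 66 bytes
    if not raw:
        return b""
    n = raw[0]
    return raw[1 : 1 + n]


def demo() -> Tuple[bytes, List[Share]]:
    """Split a constructed sample secret 3-of-5 and return (secret, shares)."""
    sample = b"constructed-sample-secret-key-not-a-real-one"  # constructed input
    return sample, split_secret(sample, threshold=3, num_shares=5)


if __name__ == "__main__":
    secret, shares = demo()
    for x, y in shares:
        print(f"share {x}: {y:x}")
    print("3 shares :", recover_secret(shares[:3]) == secret)
    print("2 shares :", recover_secret(shares[:2]) == secret)
```

Hand each recipient one `(x, y)` pair plus the threshold and modulus; keep no two shares in the same place, and rehearse recovery once before relying on it, since a share with a wrong `x` label decodes to garbage silently.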

> 4. If your password manager logs your sign-in access patterns along with your IP addresses (even from behind your fancy VPNs), you are screwed.

Can you explain why one would be screwed in this case?

In this case, screwed w.r.t. privacy (your credentials may still be safe). But you may become a target because of your sign-in activities, which are no longer private.

A lot of these are easily mitigated by running your own password manager. They're just general drawbacks of running stuff in the cloud.

Others are mitigated by good opsec and backup strategies.

2. Use a local password manager that saves to a file that you share using your own Nextcloud server.