by drethemadrapper 4001 days ago
I was going to try to use one of these solutions, when I read on the EFF that they all provide a single point of failure.

If anyone gets hold of your master key/pwd, they would have access to all your usernames & pwds.

https://ssd.eff.org/en/module/how-use-keepassx

Best to keep them separate - in your brain!

2 comments

That's true, but you do forget something. If you use four or five different passwords spread among different sites, they will be easier to break than any generated password from keepass, pass or passwordstore.

>If anyone gets hold of your master key/pwd, they would have access to all your usernames & pwds.

You would still need access to the physical storage medium. This is either a threat or not depending on your threat model, and for most people this is simply not a threat. And tbh, if someone got a hold of your unencrypted computer, you've got another problem.

The best advice I had heard in ages!!!

I was also about to join the bandwagon of using a password manager.