So I’m using Bitwarden self hosted and now I’m freaking out about the very real possibility of my passwords getting stolen or lost in a fire. Having passwords on my phone makes no sense.

We need some sort of distributed password manager safety net. Like I keep your passwords safe if you keep mine. But how can I trust you? Can you trust me?

  • vas@lemmy.ml

    It’s a bit sad that you’re downvoted so hard. You obviously have good intentions, just not having a good grasp yet if I may be frank. The solutions in this post are what you should follow IMO. In short, USB thumb/hdd drives with your important data. Encrypt the whole USB if your devices are under Linux if you wish. Use a proper password manager like KeePass to secure it additionally, with a strong master password of course.

    • altphoto@lemmy.todayOP

      No worries. I am taking notes on all that is said. I should probably work with my brothers-in-law to back up their stuff here so they can let me back up my stuff there. That way if my house goes up in flames I can drive there and get me a copy. Lots of good ideas being posted.

  • shiftymccool@piefed.ca

    Backups are the most overlooked part of getting into self hosting. You’re basically a sysadmin now, you have to act like one. Get remote storage (cloud, friend / family house, hdd in a safety deposit box, etc…) and get your 3-2-1 on

  • eksb@programming.dev

    > But how can I trust you?

    You can’t.

    > Can you trust me?

    No.

    Use https://www.passwordstore.org/. Sync it to a trusted person’s git server. Put the GPG key on a USB stick and give it to them. Write the password to the GPG key on a piece of paper and give it to your lawyer with instructions to give it to your trusted person in the event of your death.

    • altphoto@lemmy.todayOP

      This is interesting. Just recently two of my few YouTube personalities passed away. A co-worker too. My co-worker definitely had no plan and his family was left high and dry. We had Robert Murray Smith who was broken when his wife passed and he used science to go follow her. His brother quickly left his followers a message. Finally a photographer who did darkroom demos and such also died. His channel says nothing about it. So YouTube is probably making money off dead people.

  • MaggiWuerze@feddit.org

    Why would your passwords be stolen? If you have a good master password you could pass around thumb drives with the database and no one would be able to access them, since they are securely encrypted. Having them on your phone makes no difference as long as you don’t leave your phone and password manager app unlocked and out in the open (which both actively warn you against).

    • BCsven@lemmy.ca

      Use a YubiKey hardware device; only the person with the hardware in hand and password can unlock your accounts.

      • MDCCCLV@lemmy.ca

        You don’t want that as the only option though, because you can definitely lose that and it’s not incredibly hard to break.

        • BCsven@lemmy.ca

          The solution to that is you purchase a backup key and enroll both when presented with the QR image for new OTP links, or add a secondary FIDO key on some accounts. Then you store the other one in a fireproof box.

          Or you use a cryptographic key and print it out using shard tool. The shard tool lets you specify how many splits and how many required for a rebuild. It prints out the shards and you distribute to safe places or people. They are useless by themselves but if you scan in the required amount of pieces the tool will rebuild your cryptographic key.

    • BCsven@lemmy.ca

      Just takes a brute force or 0 day vulnerability to get master password access, then they have everything.

      Something that seems secure never is online, like the 2017 Intel management vulnerability where remote attackers could access your computer by sending a null password, and access your keyboard and camera etc.

        • BCsven@lemmy.ca

          Yes 2FA is good, but most people default to their phone being the tool, but your phone number can be ported by scammers, or is often the target of theft

  • blitzen@lemmy.ca

    So your solution to password theft is to make sure other people have them?

    • litchralee@sh.itjust.works

      For a single password, it is indeed illogical to distribute it to others, in order to prevent it from being stolen and misused.

      That said, the concept of distributing authority amongst others is quite sound. Instead of each owner having the whole secret, they only have a portion of it, and a majority of owners need to agree in order to combine their parts and use the secret. Rather than passwords, it’s typically used for cryptographically signing off on something’s authenticity (eg software updates), where it’s known as threshold signatures:

      > Imagine for a moment, instead of having 1 secret key, you have 7 secret keys, of which 4 are required to cooperate in the FROST protocol to produce a signature for a given message. You can replace these numbers with some integer t (instead of 4) out of n (instead of 7).
      >
      > This signature is valid for a single public key.
      >
      > If fewer than t participants are dishonest, the entire protocol is secure.

  • TheFogan@programming.dev

    IMO I don’t see why you get a second human involved. Store the database in an encrypted form… save a copy to some cloud service. Why count on another human for it?

      • HyperfocusSurfer@lemmy.dbzer0.com

        I’d refer you to one of the latest episodes of the privacy, security and OSINT show, but I don’t remember the number. So, basically, Michael’s solution to that is to get an SD card, place it into a hollow coin and hide it in one of his friend’s house, so that he can later ask 'em to retrieve it 🤣

      • Dave@lemmy.nz

        What’s your solution to this problem for the rest of your digital life?

        • tribut@infosec.pub

          This! OP is asking the right questions, but making a copy of your passwords does not cut it. Find a place to backup ALL your important data (that will be accessible when the house burns down).

        • altphoto@lemmy.todayOP

          Darn! I’m north of Seattle. No hurricanes here, just slow annoying rain. Think of rain, but then imagine it only stops a couple of days of the week. Keep imagining rain, remove the forest and the frogs and the birds. I would add rabbit, squirrel, coyote, and the occasional bear or reindeer… All of them making wet sounds. Moss and algae and mycelium covering everything. Then imagine a shower with a misting effect but for every million droplets remove all but 1 droplet. That’s our rain. Everything is fucking wet all the time but just not enough to wash things clean or sometimes even to keep trees happy. Imagine having to water your plants because the daily rain wasn’t wet enough. You know when you have a sink full of dishes so you fill it with water, but then you get a call about a relative in the hospital so you leave for a month and come back to the dishes but now all of them have these water evaporation and dry sludge lines? Yup that’s outside. I feel for the homeless here.