Trick is, use TWO password managers
- First one is server-based BitWarden
- Second one is file-based KeePassDX, with a passphrase generator (actually, I tweaked this myself)
Then, use the passphrase generator in the second password manager, BUT DON'T use it directly.
Instead, modify the passphrase, or make variations to your liking, so as to make it more memorable and funny. (Then store all master password variations.)
I do have a question, though.
How long should the MASTER password, the one you type in (not copy) often, be?
Next step is generating PINs, probably - this one is also highly reused.
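As a way to reason about the master-password-length question above, here is an added example (not part of the original post or of KeePassDX/Bitwarden) that generates a word-list passphrase with a CSPRNG and converts word count into an entropy budget and a time-to-exhaust estimate; the word list and the guessing rate are constructed assumptions for the demo.

```python
import math
import secrets

# Constructed mini word list for an offline demo; a real generator uses a
# much larger list (e.g. 7776 words), which is why list_size is a parameter.
WORDS = ["anchor", "basil", "cobalt", "dune", "ember", "fjord", "garnet", "harbor",
         "iris", "juniper", "kelp", "lumen", "marble", "nectar", "orbit", "pepper"]


def passphrase(n_words, wordlist=WORDS, sep="-"):
    """Pick n_words uniformly at random using secrets (CSPRNG), not random."""
    return sep.join(secrets.choice(wordlist) for _ in range(n_words))


def entropy_bits(n_words, list_size):
    """Entropy of n words chosen uniformly and independently from list_size entries."""
    return n_words * math.log2(list_size)


def words_needed(target_bits, list_size):
    """Smallest word count whose entropy reaches target_bits for a given list size."""
    return math.ceil(target_bits / math.log2(list_size))


def years_to_exhaust(bits, guesses_per_second):
    """Years to try every passphrase at an assumed offline guessing rate.

    The rate is an assumption for illustration; the real cost depends on the
    vault's key-derivation settings and the attacker's hardware.
    """
    return 2 ** bits / guesses_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    for n in (4, 5, 6, 7):
        bits = entropy_bits(n, 7776)
        print(f"{n} words from a 7776-word list: {bits:.1f} bits, "
              f"~{years_to_exhaust(bits, 1e10):.2e} years at 1e10 guesses/s")
    print("Sample (demo list):", passphrase(4))
```

Note that the entropy figures only hold for words chosen by the generator; once a passphrase is hand-edited for memorability, the edit is no longer uniform and this calculation no longer applies.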
Top comments (7)
You're saying, use KeePass' password generator but store the passwords in Bitwarden?
Why would you do that? What problem are you trying to solve?
You can't store the master password for logging into that password manager in that pass man.
And you don't want to be locked out of password man.
Now you have two points of attack.
Getting your hands on *.kdbx won't be easy, unless you really compromised my machine.
Don't know about the cloud password store, though. I do have 2FA and email notifications, but I don't truly trust....
I also believe that a stronger master password is required for a server-based pass man, stronger than for a file-based pass man.
Cloud-based password managers generally support 2FA. If you're prepared to use a "strong" password for one thing, why not another? What I mean is that even if you believe one needs a strong password, why not use a strong password for both?
It takes energy to truly remember any new master password, though. I will update the master for KeePass later, not now.