Pacharapol Withayasakpunt
I changed my master passwords (and thoughts)

The trick is to use TWO password managers:

  • First one is server-based BitWarden
  • Second one is file-based KeePassDX, with passphrase generator (actually, I tweaked this myself)

Then use the passphrase generator in the second password manager, BUT DON'T use its output directly.

Instead, modify the passphrase, or make variations to your liking, so that it becomes more memorable and funny. (Then store all master password variations.)

I do have a question, though.

How long should the MASTER password, the one you type in (not copy) often, be?
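The length question comes down to entropy: a passphrase of N words drawn uniformly from a W-word list carries N * log2(W) bits, and a hand-tweaked variation can only be credited for the part that is still random. The script below is an added example (mine, not the author's or KeePassDX's generator); the 16-word list is a constructed placeholder, and `retained_entropy_bits` uses a deliberately conservative assumption that only words kept verbatim from the generator count.

```python
import math
import secrets

# Constructed toy wordlist so the script runs offline. A real generator would
# load a published list (e.g. the EFF large list has 7776 words); only the
# list size matters for the entropy arithmetic below.
WORDLIST = [
    "apple", "brick", "cloud", "delta", "ember", "flint", "grape", "harbor",
    "ivory", "jumbo", "kiosk", "lemon", "mango", "nylon", "orbit", "piano",
]


def passphrase_entropy_bits(word_count: int, wordlist_size: int) -> float:
    """Entropy of word_count words chosen uniformly, with replacement, from
    a list of wordlist_size words: word_count * log2(wordlist_size)."""
    return word_count * math.log2(wordlist_size)


def words_needed(target_bits: float, wordlist_size: int) -> int:
    """Smallest number of words whose entropy reaches target_bits."""
    return math.ceil(target_bits / math.log2(wordlist_size))


def generate_passphrase(word_count: int, wordlist=WORDLIST, sep: str = "-") -> str:
    """Draw words with the CSPRNG-backed secrets module, never random.choice."""
    return sep.join(secrets.choice(wordlist) for _ in range(word_count))


def retained_entropy_bits(generated: str, modified: str, wordlist_size: int,
                          sep: str = "-") -> float:
    """Conservative credit for a hand-tweaked passphrase (an assumption of this
    example, not a rigorous measure): only words kept verbatim from the
    generator count, because the tweaks themselves are human-chosen and far
    more predictable than uniformly random words."""
    kept = set(generated.split(sep)) & set(modified.split(sep))
    return passphrase_entropy_bits(len(kept), wordlist_size)


if __name__ == "__main__":
    phrase = generate_passphrase(6)
    print(phrase, passphrase_entropy_bits(6, len(WORDLIST)), "bits (toy list)")
    print("words for 80 bits from a 7776-word list:", words_needed(80, 7776))
```

With a 7776-word list, six words give roughly 77 bits and seven words clear 80; the number of words you keep unchanged, not the total typed length, is what sets the floor for a tweaked phrase.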

The next step is probably generating PINs; those are also highly reused.

Top comments (7)

Ben Sinclair

You're saying, use KeePass' password generator but store the passwords in Bitwarden?

Why would you do that? What problem are you trying to solve?

Pacharapol Withayasakpunt

You can't store the master password for logging into that password manager in that same password manager.

And you don't want to be locked out of your password manager.

Ben Sinclair

Now you have two points of attack.

Pacharapol Withayasakpunt (edited)

Getting their hands on the *.kdbx won't be easy, unless you have really compromised my machine.

Don't know about the cloud password store, though. I do have 2FA and email notifications, but I don't truly trust it...

Pacharapol Withayasakpunt

I also believe that a stronger master password is required for a server-based password manager than for a file-based one.

Ben Sinclair

Cloud-based password managers generally support 2FA. If you're prepared to use a "strong" password for one thing, why not another? What I mean is that even if you believe one needs a strong password, why not use a strong password for both?

Pacharapol Withayasakpunt (edited)

It takes energy to truly remember any new master password, though. I will update the master password for KeePass later, not now.