Embedded Files
I have a confession to make: I haven't been very good with my passwords in the last few years. Between jumping from the Apple ecosystem to the Android ecosystem (mainly because I was a poor student in Germany and because Tachiyomi is only available on Android), my accounts are all over the place.
This changed a little bit when, while spending a chill day at the beach, unbeknownst to me, a literal cyclone was hitting my home state, which prompted a rogue wave to rush into our plastic beach table and washed my cell phone away.
Financially, I was bothered by it but didn't really think much about it. It was a cheap midrange from Samsung I bought for around 260 EUR.
Security-wise, I also didn't really care much because I had a strong, non-obvious PIN and my SIM card also had a PIN on it, but being the paranoid I am I realized that my security was enforced by obscurity sometimes, which does not settle well to me.
Enter 😍 KeepAss 😍, the new love of my life.
My Stupidly Simple New Password Manager Setup
My Stupidly Simple New Password Manager Setup
It works like this:
I have KeePassXC installed on my MacBook Air
I have StrongBox installed on my iPhone
I have a free DropBox account installed on both devices which syncs the Passwords.kdbx database file between the two.
This file is encrypted with a password, but it also works with private keys or even a YubiKey.
Aaaaaaand, that's it. Dead simple. Costs me a total of zero of my hard-earned Brazilian Reais.
Questions:
Q: Why KeePassXC on the MacBook air and not StrongBox as well?
A: Both are free and opensource, but I like the idea of having a multi-platform client, as I run Linux sometimes. Although the offerings from StrongBox are stellar. Also, the phone I'm currently carrying is my old one, and a new A54 is in the mail. I don't want to feel too accustomed to StrongBox on the iPhone as I'll very soon have to move to KeePassDX for Android.
If you run on the Apple side only, I highly recommend buying the lifetime StrongBox Pro... it's 90 USD and 100% worth it. It's much more intuitive than the other offerings and is very friendly to use any cloud you want to (with the usual password auto-fill/face recognition niceties that anyone might expect).
Q: What's the attack vector like?
A: I am working on the basis of "one password to rule them all" type scenario. Every single account I have, including my phone password and its PUK are stored into the Passwords.kdbx database which is synced using my DropBox. From this database, I can recover literally every single other login that I have (you can store files/recovery codes within KeyPass entries, so 2FA is below this database in terms of security hierarchy).
Even the DropBox, cell phone and laptop passwords are managed by Passwords.kdbx, and I regularly back it up to a thumb drive which is completely offline and stored somewhere safe.
This way, I only really need to remember one password: the one that decrypts Passwords.kdbx, which only exists inside my head. And naturally, I can't lose Passwords.kdbx, otherwise I'm completely fucked 😀
Also, banking stuff generally requires face identification using the cell phone's camera, so it's another layer of added security, and I naturally use 2FA for everything (for ProtonMail I also have a mailbox password, managed by, you guessed it, Passwords.kdbx).
Page updated
Google Sites
Report abuse