this post was submitted on 28 Jan 2025
46 points (96.0% liked)

I wanted to ask if it was possible, in any way, to have the convenience of just having to sync a single passwords file, while also having the security of putting more sensitive login credentials behind a different or additional password?

On my computer, I usually have KeePassXC unlocked for the entirety of being logged in. So if my computer were to be compromised, the attacker would not only get access to relatively unimportant accounts, like this Lemmy account, but also highly important ones, like my email or bank login credentials. So I'd like to split my passwords file into multiple "files", where the unimportant logins are permanently unlocked for convenience, while the more sensitive login credentials remain encrypted until I actually need them.

However, I also am fucking lazy and I know that I won't be able to keep up with the hassle of keeping multiple passwords files synced. So I wanted to ask if it is possible to keep the convenience of having just a single file that you need to sync, while also making use of the security that splitting up the passwords file brings.

Currently I use KeePassXC on my desktop and KeePass2Android on my phone, but I'd be willing to switch to other software, if the benefits are there.

[–] ZeDoTelhado@lemmy.world 8 points 2 days ago

So what you want to do, effectively, is to have different security requirements for different accounts. Correct? And all in the same file.

For now I just want to get a few things out of the way:

  • with this strategy, what are you protecting against?
  • how likely is this to happen?
  • what is your contingency plan?

I believe it's good to have different levels of security for different things, but you also have to understand at what cost you need it.

I can propose a different thing altogether: for the very important passwords, like banks and such, use the pepper method. This means you have part of your password in your password manager, and a small portion is something you know. Example: generate a 25 chars password, and have at the beginning or end 5 more chars that you know (can be letters and numbers, and can be something you remember every day, like the first letters of your address plus house number).

With this approach, there are a couple of benefits:

  • you can still have computationally heavy passwords
  • if an attacker gets a hold of your open vault and tries to log in, it will fail since the password is effectively not complete

Biggest downside I see is remembering the pepper always. And make sure it is not written anywhere. And of course, you can always argue it is possible at some point to get the correct password with the base password known. But at this point, this should give you enough time to change it and thwart the attack. Remember: there is no perfect security solution, only sufficiently good ones that can be usable and effective.
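
An added example, not part of the comment above: a Python sketch of the pepper split it describes (25 stored characters plus 5 memorised ones), with an estimate of how much guessing remains for someone who holds the unlocked vault. The function names and the 10-attempts-per-hour login limit are assumptions, and the figures are an upper bound that holds only for a uniformly random pepper.

```python
import math
import secrets
import string

# "letters and numbers" as in the comment: 62 symbols
ALPHABET = string.ascii_letters + string.digits


def generate_base(length=25):
    """Random part that is stored in the password manager."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def full_password(base, pepper, pepper_first=False):
    """Password actually set on the site: stored base plus memorised pepper."""
    return pepper + base if pepper_first else base + pepper


def residual_guesses(pepper_len=5, alphabet_size=len(ALPHABET), positions=2):
    """Candidates left for someone who knows the base but not the pepper.

    positions=2 covers the pepper sitting at the beginning or at the end.
    """
    return positions * alphabet_size ** pepper_len


def days_to_exhaust(guesses, attempts_per_hour):
    """Worst-case days of online guessing at a fixed attempt rate."""
    return guesses / attempts_per_hour / 24


if __name__ == "__main__":
    base = generate_base()
    pepper = "Xy7q2"  # constructed sample; the real pepper is never stored
    print("stored in vault :", base)
    print("typed on login  :", full_password(base, pepper))

    space = residual_guesses()
    print("residual guesses:", space, f"(~{math.log2(space):.1f} bits)")

    # Assumed lockout policy: 10 failed logins per hour before throttling.
    print("days to exhaust :", round(days_to_exhaust(space, 10)))
```

A pepper built from something memorable, such as address letters plus a house number, leaves a smaller space than the figure printed here.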