
Small-Scale Question Sunday for February 26, 2023

Do you have a dumb question that you're kind of embarrassed to ask in the main thread? Is there something you're just not sure about?

This is your opportunity to ask questions. No question too simple or too silly.

Culture war topics are accepted, and proposals for a better intro post are appreciated.


Passwords are hard. Pwned host computer is game over for almost everyone, barring some Qubes-type VM segregation setup. The passwords need to be entered in plaintext somehow. You can limit the extent of a breach by keeping your entire password db on an offline machine and lazily QR code'ing it across to the live machine whenever it needs a refresh. Password db encrypted with a gpg smartcard is also pretty good (though not as good as the offline setup, unless you need to tap per decryption like with a Yubikey, in which case I'd rate it as only slightly inferior).

I think you forgot the most important tip however: the more secure your setup, the higher the risk of you locking yourself out of your accounts/backups/encrypted storage. Find a way to dump your secrets in plaintext that fits your threat model (all of them, including TOTP secrets, i.e., what generates your 2FA codes). This might be a box in your apartment with a backup at your office, or a safety deposit box, for instance. On the other end of the paranoid spectrum, an engraved titanium plate inside a waterproof container encased inside a block of concrete dumped in the middle of a remote lake works as well.