How to: set up a sane and future proof password and secrets management system

-

Listening to all the issues and problems besetting popular 'password managers' on various podcasts, not least their creators selling up and handing the software over to 'big tech', not least the task of juggling compatibility with the various desktop and mobile browsers, not least the navigating of new methods of ID and 'web 3.0'... I was struck that my chosen system is still the best way forward. 

For me, anyway, if not perhaps 'normobs'. I'm a firm believer in keeping things simple. And also in using 'open source' software where possible as it avoid commercial outfits trying to shoehorn in extra features that 'make them money'.

So. Here's what I've done since 2010 - and have set up for my family and friends. No need to have a piece of software from the exact same company that runs on every platform, no need to juggle syncing between devices. You just have one 'encrypted blob of data' in the cloud. I keep it in Google Drive, but it could equally well be Microsoft's OneDrive or similar.

In this, I keep all my (currently over 900 different) passwords, all my secret reference information, everything I don't want outsiders to ever see, and all I have to remember is the one master password for the 'encrypted blob'.

KeePass is the encryption system I use, see here for more on this. My 'blob' is in a folder on my Google Drive, to ensure that it's available whatever I'm using and wherever I am. Developers have built applications for Mac, Windows, Android, and iOS (and more), often free or shareware - and as long as the platform in question gives access to Google Drive (usually including an offline mirror of the encrypted blob) then the appropriate client lets me see and edit all my passwords and secret information.

The clients also handle the updating of the 'blob', so if I make a change in (e.g.) Keepassium for the iPhone or Keepass2Android on any of my Android phones or Strongbox on the Mac (etc, you get the idea), then the software auto-merges the change into the master blob in the cloud.

[Example screenshot from (here) Strongbox, one of the several KeePass clients on the Mac]

It's at this point that you point out that these KeePass clients don't leap in to auto-insert passwords in the way that the likes of LastPass and BitWarden do. This is, on the whole, true, but I'd argue that:

  • I'd rather have a rock-solid cloud-based solution that's not dependent on some commercial company that can be bought out and radically changed.
  • Each of the clients do allow for one-tap/click copying of relevant passwords or information, ready for similar one tap/click pasting into a password field on a site, for example. 
  • The very act of looking up details for a site or system acts as a refresher in what a password is, so that it burns itself just a little bit in your brain. So that if all else fails and you're somewhere, at a strange computer and your phone is lost, you'll still have a fighting chance to log into something. If, like me, you set passwords based on a site's function then this is actually practical. So, for example, Keepassium is reminding me that my password for SeeTickets.com is 'SeeHarryStyles22'. [OK, so it's not really but that's the sort of system I use when making up passwords.]

It's also true that some of the KeePass clients for various platforms do have shareware-style fees, usually for extra features, but for most people it should be enough to get going completely for free, and then build up extra clients and platforms as needed.

The very fact that I've had to write 1000 words explaining my system tells that it's slightly 'home brewed', but it's worked for me for years and I'm pretty confident that nothing major is going to shake any of this for the next decade. 

There's something to be said for stability!!

PS. If you like this feature and want to support my work then please do so here via PayPal. Thanks.

Comments

Post a Comment

Popular posts from this blog

Wavelet - and better sounding speakers (and headphones) on Android...

-
Image
You may well be fairly happy with the audio output (speakers and headphones) on your existing Android phone. Or, like me, you may welcome an extra step up. Perhaps more bass/punch, clearer treble, or perhaps just a volume boost overall. Now, there have been various 'boost' utilities for Android in the past and they've been a bit patchy in how well they work. But Wavelet, discovered by Ted Salmon back in 2021, is a whole different kettle of fish, in that it works supremely well, with extra bass, clarity, and volume,   BUT has a very confusing interface. Which is why a brief tutorial is in order. The steps come from Ted in bullet point form, but expanded by me here and with screenshots, which will hopefully help. By the way, ignore the 'headphone specific' text in the app's title - it works perfectly well for speakers too. In fact, by definition, I'd say that it's really ONLY for speakers, since with headphones you've usually got plenty of natural i
Read more

Bluetooth keyboard incorrect PIN or password - SOLVED

-
Image
Just in case this helps anyone else, I had a nightmare today with my Bluetooth keyboard and my Android phone - but I used some common sense and found a geeky solution. In my case it was a ZTE Axon 7 running Lineage OS and a Microsoft Universal Folding Keyboard (UFK), but I suspect this cure will work for more general issues. The symptom was that when I tried to connect a previously paired keyboard I first of all got just the raw Bluetooth address shown and not the keyboard name. And then, when I tried connecting, I got an "incorrect PIN or password" error message. No chance to reenter a PIN and no amount of restarting keyboard or phone would fix it. The cure seemed to be to reset something in the phone's Bluetooth system, but what? The keyboard wasn't showing up as paired, so I couldn't 'forget' it. I tracked it down in the end. Settings, Apps, then 'Show system' on the '...' menu. Find and tap on 'Bluetooth extensions'.
Read more

How to fix Blink XT2 Camera 'Thumbnail failed' error!

-
Image
Update - Jan 2023: Amazon/Blink just changed the interface in their app - so things may have moved slightly in the UI! The Blink XT2 cameras are great - a trivial way to keep an eye on a loved one (in my case an aged parent) without wires or complex DIY hassle. Just set a camera or two up on your Wifi and you can keep an eye on them from across the world.  And all is fine, generally, I tap to take a photo or video if my dad isn't answering the phone, to check where he is and whether he's OK. Yes, there's motion detection available, but I usually have this off as when he's well he'll move around and keep triggering images and videos, which then drain the batteries too quickly. (I do have motion detection on my own house's security cameras, outdoors) But recently I had the strangest error: 'Thumbnail failed' on one of the cameras and it persisted for days.  Now, I live 150 miles away and so Blink's suggestion of 'take the batteries out and put them
Read more