this post was submitted on 22 Apr 2024

I rely on Bitwarden (slooowly migrating from... a spreadsheet...) and am thinking of keeping a master backup to be SyncThing-synchronized across all my devices, but I'm not sure of how to secure the SyncThing-synchronized files' local access if any one of my Windows or Android units got stolen and somehow cracked into or something. I'm curious about how others handle theirs. Thanks in advance for sharing!

[–] [email protected] 4 points 7 months ago (1 children)

This is the way, OP. Centralised services are just too much of a target for bad actors.

You already have syncthing so most of the way there.

Also built in TOTP / 2fa is pretty great.

[–] shiftymccool 2 points 7 months ago (3 children)

> Also built in TOTP / 2fa is pretty great.

I can't wrap my head around how this is a good idea. Isn't the idea of MFA to protect against password theft? If your second factor is stored with your password, how does that help anything? Honest question, I see this everywhere but can't figure out why it's acceptable with security-minded folks.

[–] [email protected] 4 points 7 months ago

Yeah fair question. IMO it def makes things less secure, but it's a question of how much less?

As in, if all my passwords are "sexG0d" then 2fa is critically important, but if all my passwords are long and complex and unique then 2fa is still another layer but it's much less critical.

[–] [email protected] 3 points 7 months ago

If someone were to pinch a password through a phishing site or a key logger they would still need to unlock your .kdbx file. The way I see it, if an attacker has cracked your database, you already screwed up 20 steps ago. (Sharing your .kdbx, using a weak password for it, not changing your other passwords) I think that 2FA on a different device is too much of a hassle for how much extra security it can bring.

[–] [email protected] 2 points 6 months ago

Late reply, but for me personally, I started doing it because my KeePass database is already accessed using two factors (password and key file). Therefore, I'd gain very little by keeping the second factor of those sites external - essentially, those second factors are compounded into the second factor for the database.
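
Added example, not part of any comment in this thread: a standard RFC 6238 TOTP implementation showing the two cases the thread distinguishes, a password and one code captured in transit versus a decrypted database that holds the TOTP secret itself. The secret and timestamps are the RFC test values, used here as constructed sample data, and the scenario function names are hypothetical.

```python
import hashlib
import hmac
import struct

def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1): the code depends only on the secret and the clock."""
    counter = unix_time // step
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify(secret: bytes, code: str, unix_time: int, step: int = 30, drift: int = 1) -> bool:
    """Server-side check: accept codes from the current step +/- `drift` steps."""
    return any(
        hmac.compare_digest(totp(secret, unix_time + d * step, step, len(code)), code)
        for d in range(-drift, drift + 1)
    )

# Constructed sample: the RFC 6238 test secret, not a real account secret.
SECRET = b"12345678901234567890"
LOGIN_TIME = 59  # RFC 6238 test timestamp

def scenario_phished_code() -> tuple[bool, bool]:
    """Password and one code were captured (phishing page, keylogger); the secret was not."""
    captured = totp(SECRET, LOGIN_TIME)
    valid_seconds_later = verify(SECRET, captured, LOGIN_TIME + 10)
    valid_two_minutes_later = verify(SECRET, captured, LOGIN_TIME + 120)
    return valid_seconds_later, valid_two_minutes_later

def scenario_database_opened() -> bool:
    """The vault holding password and TOTP secret was decrypted: fresh codes can be minted."""
    later = LOGIN_TIME + 120
    return verify(SECRET, totp(SECRET, later), later)

if __name__ == "__main__":
    print("captured code valid (10 s later, 120 s later):", scenario_phished_code())
    print("opened database yields a valid code:", scenario_database_opened())
```

A captured code stops working once the server's acceptance window passes, so TOTP stored in the vault still covers phishing and keylogging of the site password; it adds nothing once the vault itself is opened, which is why the strength of the database key carries the weight in that setup.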