

I’m now prepared to host all my personal data and media at home (personal NAS), and I plan to do encrypted backups offsite of all data to be safe. I want my kids, my wife and I to stop using passwords (especially common passwords shared across services). I’m worrying about password managers that can a) make me lose all passwords easily (i.e. no encrypted backups offsite) and b) services that may be compromised or abused by NSA & friends. I’m looking for an answer like: “Take a YubiKey and LastPass, because that’s the best in terms of libre hardware and libre software, bla-bla-blah, endorsed by the FSF, bla-bla-blah, even Richard Stallman uses the same setup, and the Librem 5 will support …” (seriously!) Unlock master password with hardware key only. Thanks in advance for any hints and helpful thoughts!

What you are referring to is some smartcard device, like YubiKey. YubiKey started as open source hardware and software but decided to go proprietary later on. You still need a password manager to use some sites where YubiKey is not supported, but you can use YubiKey to encrypt your password manager database. Google supports YubiKey and you can use OAuth to log in to most common web services, except ebanking maybe.

If you have a strong password, then you should not worry about someone breaking your vault when you back up your KeePass database in the cloud. Now, how many words do you need to secure a password manager? There was news that said a 5-word diceware password could be broken by GPU. Now I am not sure if it is true, but since the password manager is your last defense, you should have at least 8 words.

Why is diceware strong? Basically, if I am going to brute force a lower case alphabet only password, I would need to try at most 26^8 times for a password length of 8. Now if I am going to brute force a diceware password, I would need at most 7776^4 tries for a 4-word password. Try calculating the numbers: even a 4-word weak diceware password has a permutation count 4 digits larger than an 8-word lower case alphabet password. Find some detailed information from the following site. The idea is pretty simple, but xkcd missed the most important point: randomness. Don’t use a computer to generate if you want real randomness. You should have a list of words, say 7776 words, and randomly pick those words by real dice. You should not open a dictionary and find a word by your instinct.
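As an added worked example (not from either post in the thread), here is the arithmetic behind the 7776^4 versus 26^8 comparison above, plus the standard five-roll lookup that turns physical dice rolls into an index into a 7776-word list; the guesses-per-second rate is a parameter you supply, not a figure from the thread:

```python
import math

DICEWARE_WORDS = 6 ** 5     # 7776: one word per five dice rolls
LOWERCASE_LETTERS = 26
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def search_space(symbols: int, length: int) -> int:
    """Upper bound on guesses a brute-force attacker needs (symbols ** length)."""
    return symbols ** length


def entropy_bits(symbols: int, length: int) -> float:
    """Same search space expressed in bits, the usual way to compare passphrases."""
    return length * math.log2(symbols)


def digits_advantage(diceware_words: int, lowercase_chars: int) -> int:
    """How many more decimal digits the diceware search space has than the
    all-lowercase one (the thread's "4 more digits" claim for 4 words vs 8 letters)."""
    dice = len(str(search_space(DICEWARE_WORDS, diceware_words)))
    alpha = len(str(search_space(LOWERCASE_LETTERS, lowercase_chars)))
    return dice - alpha


def years_to_exhaust(space: int, guesses_per_second: float) -> float:
    """Worst-case time to try every candidate at an assumed guess rate."""
    return space / guesses_per_second / SECONDS_PER_YEAR


def rolls_to_index(rolls) -> int:
    """Standard diceware lookup: five physical dice rolls (each 1..6) read as a
    base-6 number give a 0-based index into a 7776-word list. The rolls come
    from real dice, so the computer only does the lookup, not the randomness."""
    rolls = list(rolls)
    if len(rolls) != 5 or any(r not in range(1, 7) for r in rolls):
        raise ValueError("need exactly five rolls, each between 1 and 6")
    index = 0
    for r in rolls:
        index = index * 6 + (r - 1)
    return index


def rolls_to_key(rolls) -> str:
    """The five-digit key as printed beside each word in diceware lists, e.g. '11111'."""
    return "".join(str(r) for r in rolls)


if __name__ == "__main__":
    print(f"4 diceware words : {entropy_bits(DICEWARE_WORDS, 4):.1f} bits")
    print(f"8 lowercase chars: {entropy_bits(LOWERCASE_LETTERS, 8):.1f} bits")
    print("digits advantage :", digits_advantage(4, 8))
    print("rolls 6,6,6,6,6 ->", rolls_to_index([6, 6, 6, 6, 6]))
```

Use the same functions to check the reply's other numbers, e.g. entropy_bits(7776, 5) and entropy_bits(7776, 8), against whatever guess rate you consider realistic for your own threat model.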
