Firstly, I note down all my passwords and I make sure none are saved in any of my browsers. My passwords generally fall into one of two categories:
For these two tiers I have two password managers. The purpose of each password manager is to optimise for the usage of those passwords.
The "common passwords" password manager should be easy to use, available as a browser plugin for multiple browsers, and centralised across browsers and computers, so that it is easy to access the passwords in any browser, on any laptop. For these reasons, I prefer a "managed" password solution. I use LastPass here, but it could also be 1Password or Dashlane. It doesn't really matter. It is important to save the master password to this password manager in your "sensitive passwords" vault, and that you have to enter the password only once per day / session etc.
The sensitive passwords need to be exposed to the external world as little as possible, encrypted, validated to be safe, and relatively easy to share (for when something happens to you). This means the password manager is preferably not a plugin, does not have centralised cloud storage, is open-source (validated by the community), and so stores the passwords locally. For this I use KeePass: an encrypted password manager that stores your passwords in one file that can be accessed through a master password. That "file" is your vault. The password to this file needs to be unique, difficult and long. This is also effectively the only password you will need in the future to access any of your passwords (sensitive or common).
On Mac I use the MacPass application to work with my KeePass files; I can highly recommend it.
An extra step is to make sure there is a mechanism by which your close ones get your passwords in case anything happens to you. In that case, make sure the KeePass file is stored in a cloud storage (OneDrive, Dropbox, Google Drive), and make a unique sharing link for one or multiple people that you trust. Share the link with them so they have access to it. Then, in your will, put the password to your vault. This is also the mechanism by which several of my family members (older generations) have started to organise themselves, and they have been using their vault to store more sensitive data that is not passwords, such as who to contact at their banks, things about their mortgages, etc.
Having a two-tier password system thus allows me to access the right passwords at the right time relatively easily, while making it difficult for others on my laptop to access my credentials. This system struck the right balance between ease of use (how often I have to enter verification or master passwords) and safety.
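To check the first step (no passwords saved in any browser), here is an added example that is not part of the original post. It counts saved logins without decrypting them, and assumes the on-disk stores used by Firefox (`logins.json`) and Chromium-based browsers (a `Login Data` SQLite file with a `logins` table); the function names are my own.

```python
import json
import shutil
import sqlite3
import tempfile
from pathlib import Path


def firefox_saved_logins(logins_json: Path) -> int:
    """Count entries in a Firefox-style logins.json (values stay encrypted)."""
    data = json.loads(logins_json.read_text(encoding="utf-8"))
    return len(data.get("logins", []))


def chromium_saved_logins(login_db: Path) -> int:
    """Count saved credentials in a Chromium-style 'Login Data' SQLite file."""
    with tempfile.TemporaryDirectory() as tmp:
        # Work on a copy: the browser keeps the original locked while running.
        copy = Path(tmp) / "login_data_copy"
        shutil.copy(login_db, copy)
        conn = sqlite3.connect(copy)
        try:
            # Rows with blacklisted_by_user = 1 are "never save" markers, not passwords.
            row = conn.execute(
                "SELECT COUNT(*) FROM logins WHERE blacklisted_by_user = 0"
            ).fetchone()
        finally:
            conn.close()
    return row[0]


def audit(root: Path) -> dict:
    """Map each credential store found under root to its number of saved logins."""
    findings = {}
    for path in root.rglob("*"):
        try:
            if path.name == "logins.json":
                findings[str(path)] = firefox_saved_logins(path)
            elif path.name == "Login Data":
                findings[str(path)] = chromium_saved_logins(path)
        except (OSError, ValueError, sqlite3.Error) as exc:
            findings[str(path)] = f"unreadable: {exc}"
    return findings


if __name__ == "__main__":
    import sys
    for store, count in audit(Path(sys.argv[1])).items():
        print(f"{count!s:>12}  {store}")
```

Run it with your browser profile directory as the only argument; any store with a count above zero still holds saved passwords that should be moved into one of the two password managers and deleted from the browser.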