
A very convenient place to store and retrieve them is under a "passwords" folder in your private mail account or your Dropbox, both of which get synchronized with your unprotected smartphone...



I store them in KeePass files and then bury them/give to a friend/save in the cloud/whatever. It's just a single password that you remember, with no reliance on an external authenticator or the like. And if someone finds your files, they're useless without the password.

If you store them in the cloud, you should obviously do so on a service with no 2FA and a password you remember. The first priority is that you can access it anywhere and the main protection comes from the encrypted KeePass file.


I actually keep it in my KeePass password manager, so it is encrypted and on my phone.

I have a piece of paper with my passwords sealed in an envelope stored in a safe place. A few trusted individuals know where that is.

This is much more reliable and durable than having 1Password still be around when I need it.


I put them into a password manager which is backed up both on Dropbox as part of sync and Backblaze for long term.

I store these in the Notes field in KeePass. Or sometimes in their own password entry.

Use Dropbox, sync the DB to a flash drive aka use a more robust solution than a smartphone, or get used to it that encrypted passwords may mean there will be situations where you won't have access to them.

This is the way:

KeePass database with passwords and secrets, password-protected archive of 2FA QR codes, on USB drives, in two locations.

Master key and phone PIN in the safe at the bank.


Same here. I save it on my Dropbox account, just in case I need access to my password when I am away from my computer.

Use the text-based secret and save a copy in an encrypted file and keep it on a USB memory stick. Put that in a safety deposit box if you are paranoid enough. Either way, if you lose your phone, you have all your auth secrets available to re-enter.

I store them as secure notes, or attachments in secure notes, using 1Password. I'm quite happy with it so far.

You could just store them in a separate password manager like Bitwarden? Or even encrypted in a separate Dropbox account?

Ultimately if you want to be able to recover your identity from anywhere in the world with absolutely nothing on you except cash (to buy a new device and service), you have to store this data somewhere. And you wouldn’t store this data in the same place that you’re trying to recover because that’s not very useful.

Is it without risk? No, but there is no risk-less way to be able to recover a piece of data once you lose all your possessions somewhere random in the world because the only thing you have left that you can still use is what you know.


In KeyPass. They are safe there, backed up, and searchable.

I keep some Google and GitHub account recovery codes on a slip of paper with my passport, some more in my wallet, and all in an encrypted file on a server with SSH access.

Hopefully that's enough that I'm not too inconvenienced, should my phone be stolen.


Or just keep them somewhere that isn’t directly beside the password?

I have my password in a password database, and my TOTP tokens on my phone and a Yubikey.

I have a second “break glass in case of emergency” password database that contains TOTP secrets for all my most essential accounts and a backup of the key loaded on my Yubikey.


I keep mine in a txt file on an IronKey. Something like a secure note in LastPass would probably work too.

Why not just use a password manager, store the emergency recovery kit in Dropbox or at a public url (encrypt the kit with a password you know)?

You do realise that storing them (be it Google, LastPass, or any other hopefully trusty manager) is safer than carrying them around on you, right?

I keep mine in a file in a drawer. My threat model doesn't cover people breaking in and finding them as well as knowing my password manager's master password.

The safest way to store passwords is written down on a piece of paper. Maintain physical custody of it, never let it out of your possession.

If you need backups, use a non-networked copier, or an old-style stand-alone point-and-shoot camera. Don't ever put the SD card in your computer. Keep all copies as secure as the original.

Banks have safety deposit boxes that can offer relative security. If you really want to be safe, manually encrypt your passwords.

[Edit] As others have pointed out, phishing is an issue. Be careful where you enter your passwords.
