Em

Em0nM4stodon@infosec.exchange

Privacy Advocate. Security Passionate. Protector of Data. Tamer of Python. Lover of Encrypted Keys. Recycled Artist. Hardware Enthusiast. Fan of FOSS. Happy Mastodon Mentor to all newcomers!

Spending most days writing, reading, and talking about privacy. Journalist at @privacyguides

Open-sourced & Open-hearted.
(she/her) 🏳️‍🌈

🔒 Privacy tips at: #TinyPrivacyTip
🐘 Mastodon tips at: #TinyMastodonTip

Other hashtags I talk about:
#DigitalRights #Privacy, #Security, #Python, #FOSS, #FLOSS #OpenSource

🐘 Also at: infosec.space/@Em0nM4stodon
🐘 And at: fosstodon.org/@Em0nM4stodon
🐘 And at : mastodon.social/@Em0nM4stodon
#NoAI #NoBot #NoIndex #NoArchive #nobridge

This is a personal account. Opinions expressed here are my own and do not necessarily reflect my employer. Especially emojis :awesome:

ActivityPub

Em

3 weeks ago

Em
3 weeks ago

New Privacy Guides article 🔐✨
by me:

If you want to keep your password manager local-only, KeePassXC is a great solution!

It's free,
Open-source,
Easy to install and use,
Doesn't require an account,
Works on Linux, macOS, and Windows,
And the team is here! 👉 @keepassxc

Here's how to set it up with a YubiKey: privacyguides.org/articles/202…

#PrivacyGuides #KeePassXC #Privacy #Security #PasswordManager #Passwords #FOSS

KeePassXC + YubiKey: How to set up a local-only password manager

This tutorial demonstrates how to install the local-only password manager KeePassXC and secure a password database with YubiKey.

^{www.privacyguides.org}

in reply to Em

IzzyOnDroid ✅

in reply to Em 3 weeks ago

Thanks for the guide!

"you should first make sure that you either have a secure backup for this Challenge-Response" – good you mention that! Fro me, it left the question: and how do I do that?

I still wish it would be possible to use the Yubikey as *alternative* to the passphrase, not an XOR. So a tap on the key, when available, saves me from typing the long phrase – but if the key's "gone", I still can get in with the phrase…

in reply to IzzyOnDroid ✅

old_school

in reply to IzzyOnDroid ✅ 3 weeks ago

@IzzyOnDroid because I wanted to be on the safe side I invested in a second key 😃

@IzzyOnDroid ✅

in reply to old_school

IzzyOnDroid ✅

in reply to old_school 3 weeks ago

@old_school that's why I kept my fingers off this 🙈 @Em0nM4stodon @keepassxc

@Em @old_school @Team KeePassXC

in reply to IzzyOnDroid ✅

Friesenkiwi

in reply to IzzyOnDroid ✅ 3 weeks ago

Your can do it by chaining: have your regular store with a very long, random and complex Password that you'd never memorise or type. Write it down on a piece of paper and put it into a steel safe as backup

And then create a second keepass file, that uses a hardware key (e.g. @nitrokey ) to unlock. Into it, put ONLY the passwort to the regular file in an entry in the folder „AutoOpen“ that has the local filesystem path to the regular file in the „URL“ field. (See keepassxc.org/docs/KeePassXC_U…)

This way, for regular usage, you use the convenience method via hardware key and second file, which will in turn unlock your regular file automatically.

If you loose your hardware key, you take the backup sheet of paper from the steel safe.

@Em0nM4stodon @keepassxc

KeePassXC: User Guide

^{keepassxc.org}

@Nitrokey @Em @Team KeePassXC

in reply to Friesenkiwi

IzzyOnDroid ✅

in reply to Friesenkiwi 3 weeks ago

@Friesenkiwi @nitrokey that would work, but is not what I'd call intuitive 🙈 I can use a Yubikey to log on to my machine. Or I do not put in the key, and then can enter a password. No linking between the two. That's what I'd imagine there.

Well, icing on the cake (but nice icing)…

@Nitrokey @Friesenkiwi

⇧

Em

Em 3 weeks ago • •

Em
3 weeks ago