Kimochi Whyui (Why? Why? Why? Why? Why? Why? Why?)
bitchwarden login is going to require email verification my email password is stored in bitchwarden so what happens if i lose my phone and computer and want to access my email should my email password be something i memorize or what
Kimochi Whyui (Why? Why? Why? Why? Why? Why? Why?)
Reply to @[email protected]
so here are your options:
1. yubikey, if you lose this usb device you lose everything
2. authenticator, if you lose your phone you lose everything
3. email, need to remember the password, and if it gets hacked you lose everything
Doughnut Lollipop 【記録係】
Reply to @[email protected]
@why@shitposter.world I like non-cloud password managers.
Kimochi Whyui (Why? Why? Why? Why? Why? Why? Why?)
Reply to @[email protected]
@tk@bbs.kawa-kun.com my use case is: if i am away from home and have no possessions, can i access all my personal documents/logins? ALL answers besides a cloud service with a single master key are "no".
Reply to @[email protected]
@why@shitposter.world @tk@bbs.kawa-kun.com If I have a computer where I can install keepassxc, I can access my password vault (requires remembering my webdav credentials, hosted from my VPS (guess you could call that "a cloud service"), and the vault key)
Kimochi Whyui (Why? Why? Why? Why? Why? Why? Why?)
Reply to @[email protected]
@eal@post.ebin.club @tk@bbs.kawa-kun.com so you memorize two passwords. how is this effectively different from me having my gmail password be a memorized password
Reply to @[email protected]
[email protected]@shitposter.world same situation, pisses me off infinitely. the whole point is just to remember 1 password
Reply to @[email protected]
@why@shitposter.world
1. you should have at least 2 hardware tokens. one as backup
2. you should export your 2FA codes, save them encrypted on as many devices/storage as you can
3. use keepass with a strong passphrase (diceware +7 random words) and do the same as with 2.
Reply to @[email protected]
@why@shitposter.world @tk@bbs.kawa-kun.com @eal@post.ebin.club an offline password manager and online email have very different threat models. physical access (harder) vs digital access (easier) so you want your strongest password to protect your email since that has a much higher attack surface.
Kimochi Whyui (Why? Why? Why? Why? Why? Why? Why?)
Reply to @[email protected]
@DarkMahesvara@varishangout.net my house burns down. i was able to get out alive, but my phone and laptop and home server and every single device i have has been irreparably melted. i have an offsite server that backed everything up! it's super duper secure, it won't let me login without something i have......................................................
Reply to @[email protected]
@why@shitposter.world 3-2-1 backup. your house burning down is A LOT less likely than email getting hacked. anybody with a job/friend/family has an off site otherwise you could rent a bank vault or hell bury it in the woods.
Reply to @[email protected]
@why@shitposter.world having your backup only online is ofc a bad idea if to access it you need to have the original data or be in the location of it. get a, or better, multiple USBs and throw your encrypted password and 2fa db on it and put it wherever.
Kimochi Whyui (Why? Why? Why? Why? Why? Why? Why?)
Reply to @[email protected]
@DarkMahesvara@varishangout.net i lose stuff all the time. i live in a region that commonly has house destroying forest fires. home break-ins are also a real threat here. i also have an IQ of 75 and cant remember more than 8 characters for a password. my family is dead and i have no friends because im a retarded asshole. how do i keep my $100,000,000 bank account secure?
Reply to @[email protected]
@why@shitposter.world make an 8 character password, hash/encode it and upload it to multiple clouds. as an account password you should use the original 8 character password.
Reply to @[email protected]
@why@shitposter.world even if you lose your bank password you can reset it in the bank with proof of identity. any decent bank also requires 2FA in form of an app or hardware token so even if you did use only an 8 character password (like many banks actually do) it would be safe. besides bank money withdrawal usually has limits or can even be reclaimed in case of hack/scam otherwise ensure it.
Kimochi Whyui (Why? Why? Why? Why? Why? Why? Why?)
Reply to @[email protected]
@DarkMahesvara@varishangout.net how does that help? i can always hash it again. all cloud services require 2fa or passkeys now, which is fine as long as i have access to my password manager. except now my password manager requires a "something you have" factor. how do i access my password manager?
Reply to @[email protected]
@why@shitposter.world switch to a password manager that doesn't = keepass(XC)