DeagleMaster

Passwords on USB stick?


Posted · Original PosterOP

I really have to get better at keeping myself secure by using different passwords. I know services like LastPass exist, but I would like to achieve my online security without relying on a company. My idea is to start using strong unique passwords on every single different account and having these passwords stored on an encrypted USB drive. What are the pros and cons of this?

3 minutes ago, DeagleMaster said:

I really have to get better at keeping myself secure by using different passwords. I know services like LastPass exist, but I would like to achieve my online security without relying on a company. My idea is to start using strong unique passwords on every single different account and having these passwords stored on an encrypted USB drive. What are the pros and cons of this?

Lose the flash drive and you lose all your passwords. That seems like a pretty big downside to me.


Posted · Original PosterOP
Just now, RAS_3885 said:

Lose the flash drive and you lose all your passwords. That seems like a pretty big downside to me.

Multiple flash drives?

2 minutes ago, DeagleMaster said:

Multiple flash drives?

That would make it less likely to find yourself without one, but now you also have to remember to clone/copy any password changes to all copies of the USB drive.


17 minutes ago, TotallyNotGigabit said:

What if you lost those too? I'd dedicate a notepad of passwords and keep it somewhere safe where you know where it is.

Notepad all the way. Easy place to keep passwords.


You can use pass or KeePass or some other tool and store the password database wherever you want. An actual password manager can bring certain benefits over just storing passwords in an encrypted format. For example automatic password generation tools based on your requirements, copy passwords without exposing them, browser integrations to avoid having to copy/type them, additional checks to notify you of reused or leaked passwords (using HIBP or similar), audited code, cross-platform compatibility etc. KeePass also has the option to require a password + a keyfile. KeePassX supports YubiKey in addition to the previous methods.

One thing is reliability indeed - flash drives do not have a very long life in terms of write capacity. Having multiple ones requires you to keep them all in sync, which is not very convenient. Another concern is where you are planning to use it - do you need mobile device support? How much do you move and need to carry the stick around? Do you use unknown devices or do you only connect it to known devices? If the former, how are you storing/encrypting the contents of the drive? Do you expose them all at once or all separately? Are any passwords/keys going to be stored in memory?

It all comes down to your threat model - what are you protecting and from whom? Are you a target and for whom - who are you worried about? Random script kiddies or national/government level hackers? It's a matter of security vs convenience - where is the ideal balance for you.

And as said above, always think ahead to not lock yourself out. Always use multi-factor authentication - you can secure your passwords, but if it's the service that fails (data leak, vulnerability, social engineering), it won't be any help.

I have used KeePass for years and have not had issues with it. I prefer having more control of the database than the online services offer. I have the database file in my personal/self-hosted cloud.


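An added example, not part of the thread or of any poster's setup: the reused/leaked-password check that the post above lists as a password-manager benefit, using the Pwned Passwords k-anonymity range format (a 5-character SHA-1 prefix goes out, `SUFFIX:COUNT` lines come back). The vault entries, corpus counts and the `offline_fetch_range` stub are constructed so it runs without network access.

```python
import hashlib
from collections import defaultdict

def sha1_hex(password):
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

def parse_range(body):
    """Parse 'SUFFIX:COUNT' lines (35 hex chars, colon, count) into a dict."""
    counts = {}
    for line in body.splitlines():
        suffix, _, count = line.strip().partition(":")
        if len(suffix) == 35 and count.isdigit():
            counts[suffix.upper()] = int(count)
    return counts

def breach_count(password, fetch_range):
    """Only the first 5 hex chars of the SHA-1 are handed to fetch_range."""
    digest = sha1_hex(password)
    return parse_range(fetch_range(digest[:5])).get(digest[5:], 0)

def audit(entries, fetch_range):
    """Return entry names sharing a password and entries found in breach data."""
    by_hash = defaultdict(list)
    for name, password in entries.items():
        by_hash[sha1_hex(password)].append(name)
    reused = sorted(sorted(names) for names in by_hash.values() if len(names) > 1)
    breached = {}
    for name in sorted(entries):
        count = breach_count(entries[name], fetch_range)
        if count:
            breached[name] = count
    return {"reused": reused, "breached": breached}

# Constructed data: stand-in breach corpus with made-up counts, and a sample vault.
CONSTRUCTED_CORPUS = {"password": 3, "hunter2": 2}
SAMPLE_VAULT = {"mail": "password", "forum": "password", "bank": "c0rrect-horse-battery"}

def offline_fetch_range(prefix):
    """Offline stub for GET https://api.pwnedpasswords.com/range/<prefix>."""
    lines = ["0" * 35 + ":1"]  # unrelated suffix; a real response holds many
    for pw, count in CONSTRUCTED_CORPUS.items():
        digest = sha1_hex(pw)
        if digest[:5] == prefix:
            lines.append(f"{digest[5:]}:{count}")
    return "\r\n".join(lines)

if __name__ == "__main__":
    print(audit(SAMPLE_VAULT, offline_fetch_range))
```

Neither the password nor its full hash leaves the machine; the match on the 35-character suffix is done locally.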

Do you have somewhere where you can access a service like Dashlane, KeePass or LastPass?

I have found them extremely useful.


8 hours ago, jj9987 said:

You can use pass or KeePass or some other tool and store the password database wherever you want. An actual password manager can bring certain benefits over just storing passwords in an encrypted format. For example automatic password generation tools based on your requirements, copy passwords without exposing them, browser integrations to avoid having to copy/type them, additional checks to notify you of reused or leaked passwords (using HIBP or similar), audited code, cross-platform compatibility etc. KeePass also has the option to require a password + a keyfile. KeePassX supports YubiKey in addition to the previous methods.

One thing is reliability indeed - flash drives do not have a very long life in terms of write capacity. Having multiple ones requires you to keep them all in sync, which is not very convenient. Another concern is where you are planning to use it - do you need mobile device support? How much do you move and need to carry the stick around? Do you use unknown devices or do you only connect it to known devices? If the former, how are you storing/encrypting the contents of the drive? Do you expose them all at once or all separately? Are any passwords/keys going to be stored in memory?

It all comes down to your threat model - what are you protecting and from whom? Are you a target and for whom - who are you worried about? Random script kiddies or national/government level hackers? It's a matter of security vs convenience - where is the ideal balance for you.

And as said above, always think ahead to not lock yourself out. Always use multi-factor authentication - you can secure your passwords, but if it's the service that fails (data leak, vulnerability, social engineering), it won't be any help.

I have used KeePass for years and have not had issues with it. I prefer having more control of the database than the online services offer. I have the database file in my personal/self-hosted cloud.

Everything here is spot on. Convenience versus security. Always a balancing act. I personally use LastPass and it has been wonderful. Like KeePass, it lets you store passwords, randomly generate passwords, has browser extensions and has a mobile version. It can also be set up with multifactor authentication with various services like Google Authenticator, Okta and I think YubiKey but don't quote me on that. The nicest thing about it, though I think you have to pay for the feature, is being able to fill passwords on mobile apps and web pages. I run LastPass on my phone and it has been so convenient. I have it protected by biometrics on the phone as well.

11 hours ago, Grumpy Old Man said:

Brains

I lost my brains a long time ago. Why do you think I'm on this forum!


I use KeePass to keep all the passwords in an encrypted database and Nextcloud to keep the database synced between all of my phones, tablets, desktops, laptops and servers. Nextcloud makes sure the database is, indeed, always in sync, regardless of which device I use to modify the database and Nextcloud also keeps several older versions of the database accessible by default, so if I were to e.g. corrupt the database, I can just pick the previous version and continue using it. In addition to all of this, I take a weekly backup, as well.

Presumably, one could just as well use Google Drive or Microsoft's OneDrive or similar, instead of Nextcloud.


Hand, n. A singular instrument worn at the end of the human arm and commonly thrust into somebody’s pocket.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

Newegg

×