Is a USB drive secure enough to store passwords?

[Pixelfie]

Someone tried logging into my Google account today, luckily I had 2FA on. I just changed my password, but I use this password for more accounts. I will change my passwords to some random numbers and letters, but even tho I'm good at remembering my passwords I can't remember all of them like that. Do you think it would be safe to store everything on a txt file on a USB drive? 

[kelvinhall05]

1 minute ago, Pixelfie said:

Do you think it would be safe to store everything on a txt file on a USB drive? 

Absolutely not. Never store passwords in plaintext, regardless of physical location or device.

 

EDIT: Use a password manager like Bitwarden.

[Quackers101]

you could write them down on paper, if standard password that doesn't need to change a lot.

USB is fine, but also depends for what use case. also making sure the USB device is not lost or damaged.

cloud encryption/storage through an user account is not the safest but most convenient.

[Oshino Shinobu]

No. Use a password manager. You can use an open format like KeePass, which has multiple different client options.

[Carter Te Overclocking Pro]

get a fire proof safe and put the usb in there using bitlocker

[Pixelfie]

3 minutes ago, kelvinhall05 said:

Absolutely not. Never store passwords in plaintext, regardless of physical location or device.

 

EDIT: Use a password manager like Bitwarden.

Never heard of Bitwarden, but it looks like a good option. It doesn't seem to support 2FA which I would like, however. Do you know a free option that works on 3 devices and supports 2FA?

[Carter Te Overclocking Pro]

2 minutes ago, Pixelfie said:

Never heard of Bitwarden, but it looks like a good option. It doesn't seem to support 2FA which I would like, however. Do you know a free option that works on 3 devices and supports 2FA?

https://lastpass.com/create-account.php look at the free stuff

[cacoe]

Encrypt the drive?

[Carter Te Overclocking Pro]

yes

Just now, cacoe said:

Encrypt the drive?

 

[Pixelfie]

2 minutes ago, Carter Te Overclocking Pro said:

https://lastpass.com/create-account.php look at the free stuff

I think it only supports 1 device for the free tier, but will give it a try.

[adarw]

how about usbs that are secure for bitcoin encryption?

[kelvinhall05]

14 minutes ago, Pixelfie said:

Never heard of Bitwarden, but it looks like a good option. It doesn't seem to support 2FA which I would like, however. Do you know a free option that works on 3 devices and supports 2FA?

2FA securing of the vault or a 2FA code manager? It has both but the latter can only be used with the $10/yearly subscription iirc. I just use Authy instead.

12 minutes ago, Carter Te Overclocking Pro said:

https://lastpass.com/create-account.php look at the free stuff

LastPass is trash now since their changes to their free tier. Bitwarden is the standard for free password managers now.

[Pixelfie]

23 minutes ago, kelvinhall05 said:

2FA securing of the vault or a 2FA code manager? It has both but the latter can only be used with the $10/yearly subscription iirc. I just use Authy instead.

First one. Just found it, will install Bitwarden now

[Carter Te Overclocking Pro]

32 minutes ago, kelvinhall05 said:

2FA securing of the vault or a 2FA code manager? It has both but the latter can only be used with the $10/yearly subscription iirc. I just use Authy instead.

LastPass is trash now since their changes to their free tier. Bitwarden is the standard for free password managers now.

ok tyty

[TetraSky]

If you want to use a usb drive, I recommend Keepass instead of a text file. No install required, it's "portable" and fully encrypted. It's safe and ofline.

 

But if you want convenience, being able to use it on your phone and quick access... Bitwarden is your best bet. Avoid LastPass, they pulled a bait and switch on free users earlier this year.

[kasugatei]

KeePass is the standard when it comes to the password managers. It is open source so you can be sure that it doesn’t have any back doors. If you want to be extra paranoid then use something like VeraCrypt to completely encrypt the drive with the KeePass password database on it. 

[Levent]

Lol no.

[appleache]

best trick is to have a generated code sheet with you, and a separate decoding sheet, doing like a keycard style, for example:

code sheet:

1 sahouierseudjzxe

2 USnekjs&soe

3 USneoip[sinx

 

decoding sheet:

website A: code 2 position 2 to 8, + 3jys

website A: code 1 position 3 to 8

 

etc

I also just use some serial number of my license or membership card as base code

[Generic Username]

encrypt drive with a password.... oh

[Akolyte]

12 hours ago, Pixelfie said:

Someone tried logging into my Google account today, luckily I had 2FA on. I just changed my password, but I use this password for more accounts. I will change my passwords to some random numbers and letters, but even tho I'm good at remembering my passwords I can't remember all of them like that. Do you think it would be safe to store everything on a txt file on a USB drive? 

A USB drive can be secure if you encrypt it, the problem is that you'd need a password to decrypt the drive - and what if you lost the USB? 

 

Your best bet is: 

• As some others have suggested, use a password manager. 
• Many sites including password managers support a Yubikey, which is a 2FA method using a USB Drive. (https://www.yubico.com/)  you plug the drive in and press a button on it, and that's your second factor. 

 

Remember to take regular backups of your password manager, you can usually encrypt these - and these would be safe to store on a USB drive provided the drive was sufficiently encrypted.