How safe is it to store passwords in a text file on an encrypted drive?
(Drive unlocked, passwords copied, drive suspended, clipboard erased)
I am trying to figure out a simple way to manage passwords (many of which change frequently) across several machines (some of which are seldom connected to the internet).
Because in that case, I would say look at one of the many KeePass versions. You can keep your own vault, and sync between machines at your leisure.
This relies on you syncing, but retains control.
I recommend placing an encrypted KeePass file onto the encrypted drive as a better solution.
KeePass also allows you to merge KeePass files if you did store one on a local machine, updated it and wanted to import those changes/additions to the master file on the drive.
Another nice aspect of KeePass is the ability for it to generate new passwords and store/group accounts/passwords. If you haven’t tested it, you should.
Mounting the drive would make the text file visible in plain text to everything on the OS. So I wouldn’t recommend it.
KeePass already does what it sounds like you want (an offline encrypted password database), not to mention it will be far easier to manage. So that would be my recommendation.
If I may add to the KeePass suggestion: use a key file + master password. That way someone needs to get to both files to unlock the database instead of just the database.
Chalk another point for keepassxc & keepassxc-browser.
The way I describe the method is “encrypted tombs”; I have been using it for a couple of years. It can open with a key file or password. Handles the browser integration, has an SSH agent and KeeShare feature. I highly recommend. ESPECIALLY for offline use.
Given there are free, well tested and security-pro recommended password storage options that can use local media (e.g., KeePass) that actually encrypt your passwords - why would you do that?
KeePass can make your life much easier via:
- random password generation
- Ctrl+Alt+A (or other methods) user configured/customisable auto-fill
Once you use KeePass (or equivalent), if you’re willing to trust its database encryption (and I do personally, your choice), you can store your password file in the cloud quite comfortably, and sync it everywhere via Dropbox/iCloud/OneDrive/Nextcloud/whatever - and do away with the single USB stick that WILL die on you or get lost eventually.
I actually don’t have it synced to anything, but I do use a MEGA account to back up my tombs. Considering the feature set for KeePassXC, is anyone using “key files” or SSH? I was considering adding a key file to it for that added layer…