Passwords in plain text on an encrypted flash drive

How safe is it to store passwords in a text file on an encrypted drive?
(Drive unlocked, passwords copied, drive suspended, clipboard erased)

I am trying to figure out a simple way to manage passwords (many of which change frequently) across several machines (some of which are seldom connected to the internet).

2 Likes

[edit 2] Upon further research, Bitwarden relied on an internet connection to create new records, so snip the below:

Summary

Is this because you distrust password managers like Bitwarden or LastPass?

[edit: I’m sure you can run a local Bitwarden database, and sneakernet it around to the machines without a net, but will check]

1 Like

Because in that case, I would say look at one of the many KeePass versions. You can keep your own vault, and sync between machines at your leisure.
This relies on you syncing, but retains control.

3 Likes

I recommend placing an encrypted keepass file onto the encrypted drive as a better solution.

Keepass also allows you to merge keepass files if you did store one on a local machine, updated it and wanted to import those changes/additions to the master file on the drive.

Another nice aspect of KeePass is the ability for it to generate new passwords and store/group accounts/passwords. If you haven’t tested it, you should.

5 Likes

Mounting the drive would make the text file visible in plain text to everything on the OS. So I wouldn’t recommend it.

Keepass already does what it sounds like you want (an offline encrypted password database) not to mention it will be far easier to manage. So that would be my recommendation.

5 Likes

If I may add to the KeePass suggestion: use a key file + master password. That way someone needs to get to both files to unlock the database instead of just the database.

1 Like

Chalk another point for keepassxc & keepassxc-browser.

The way I describe the method is “encrypted tombs”; I have been using it for a couple years. It can open with a key file or password. Handles the browser integration, has an SSH agent and KeeShare feature. I highly recommend. ESPECIALLY for offline use.

Comes in a flatpak as well.

3 Likes

Another one for KeePassXC. Tried many, contemplated even more, never switched.

4 Likes

I think you should ask yourself this:

Given there are free, well tested and security-pro recommended password storage options that can use local media (e.g., KeePass) that actually encrypt your passwords - why would you do that?

Keepass can make your life much easier via

  • random password generation
  • ctrl+alt+a (or other methods) user configured/customisable auto-fill

Once you use KeePass (or equivalent), if you’re willing to trust its database encryption (and I do personally, your choice), you can store your password file in the cloud quite comfortably, and sync it everywhere via Dropbox/iCloud/OneDrive/NextCloud/whatever - and do away with the single USB stick that WILL die on you or get lost eventually.

🙂

1 Like

Oh yeah, maybe a better use for the flash drive…

Keepass can run “stand-alone”.

So sync your DB wherever, and then run keepass from the flash drive if it isn’t installed on the local machine.

1 Like

When I first got it, it was conceptually what I wanted. I tried LastPass and others, the process was less straightforward and complicated.

The thing I like about KeePass in particular (and its variants, KyPass, KeePassX, etc.) is that sync is left up to the end user.

If you don’t like Dropbox - don’t use it.
If you don’t like Apple iCloud, don’t use it, etc.

LastPass and the like do their own sync and I don’t like being tied to that.

2 Likes

I actually don’t have it synced to anything, but I do use a MEGA account to back up my tombs. Considering the feature set for KeePassXC, is anyone using “Key files” or SSH? I was considering adding a key file to it for that added layer…

KeePass + Syncthing

3 Likes