this post was submitted on 09 Sep 2023
257 points (96.1% liked)

Privacy

32456 readers
402 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 8 points 1 year ago* (last edited 1 year ago) (2 children)

I made a hardware-based password manager that I keep on me with the 3-2-1 rule. (One on me, one at home, one in a remote location) It's barely-secure, but the data is not accessible except when I'm updating it. It's similar to the mooltipass but all the passwords are stored on eeprom.

Could the eeprom be hacked by someone and all my passwords probably read in cleartext? Yeah. How many fucking people actually know how to do that though? Virtually none.

Honestly, I'd love to just simply be able to afford a mooltipass though. :(

This is what I based my personal one on: https://www.instructables.com/PasswordPump-Passwords-Manager/

And I usually generate the passwords with an online tool so that I'm never using the same password twice.

[–] [email protected] 21 points 1 year ago* (last edited 1 year ago) (2 children)

Why not keepass and its editors and just keep the vault file on a flash drive?

[–] [email protected] 8 points 1 year ago

Exactly. Plus, if you're a windows user, you can keep the portable version of KeePass on the drive as well.

[–] [email protected] 5 points 1 year ago (1 children)

Not OP but this is exactly what I do and it works great

[–] [email protected] 1 points 1 year ago

Same. Keepass either on a flash drive or synced via syncthing.

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago)

That's a lot of trouble to go into to have questionable security. Though it's admittedly really cool.

I guess this is only great if you have to use potentially compromised computers often, so you are risking leaking at most a single password at a time, but still...

Unlike a proper password manager this still has issues though; for one, saving in cleartext is just bad, reading EEPROMs is trivial, and (perhaps more importantly) unlike a normal password manager this doesn't protect you against inputting data on a wrong (phished) domain.