"If someone were to obtain the USB and know my master password, they could 
access my password storage. How can I encrypt this key file with its own unique 
password? My goal is to require someone to have the USB, know the password to 
decrypt the key file on the USB, and know my online database master password to 
gain access."

Kind of pointless.  You are proposing someone must know the first password 
"MaryHadALittleLamb" and the second password "AndHadATastyMuttonDinner"

So for the same security, you could just change the first password to 
"MaryHadALittleLambAndHadATastyMuttonDinner"

"Or is using a non-encrypted key file on a USB drive sufficient for security?"

Yes. The point of a password manager is to make it so you don't have to 
remember a lot of passwords, just one.

But you still have to remember -A- password.

Note that SINCE the password database is encrypted, you can publicly post it 
online. In fact, just to demonstrate, here's MY password database. And 
inside of it I have a Venmo key you can download and get yourself a nice 
$10,000. All for free. All you have to do is decrypt it and you get the money.

Ted

-----Original Message-----
From: PLUG <[email protected]> On Behalf Of mo
Sent: Friday, May 23, 2025 5:38 PM
To: Portland Linux/Unix Group <[email protected]>
Subject: [PLUG] password manager login security

Hi, I'm currently using the KeePassXC desktop application with the database 
stored on a USB drive to manage my passwords. However, this setup has become 
inconvenient when I travel and forget to bring the USB, or when sharing updated 
login information with others, as I need to manually update their USB drives 
each time.

Consequently, I'm looking for a reliable online password manager with robust 
login security. Proton Pass seems promising, but I'm unsure about the strength 
of its login security features. Enpass also looks good.

Could you please advise on the most secure method for password storage login? I 
understand that TOTP and text-based MFA are not the most secure options.

Is multi-factor authentication (MFA) using a hardware key like a YubiKey 
considered the best approach?

Additionally, I'm curious about creating my own encrypted hardware key stored 
on a USB drive. Currently, the key file I use with KeePassXC is unencrypted. If 
someone were to obtain the USB and know my master password, they could access 
my password storage. How can I encrypt this key file with its own unique 
password? My goal is to require someone to have the USB, know the password to 
decrypt the key file on the USB, and know my online database master password to 
gain access.

Or is using a non-encrypted key file on a USB drive sufficient for security?

Also, is there an online password storage solution that asks for both a master 
password & key file in order to login?

Thank you for your guidance.
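For anyone who still wants the setup mo asked about (a key file on the USB that is itself encrypted with a second passphrase), the script below is an added example, not something posted in the thread or shipped by KeePassXC. It wraps the key file with OpenSSL, unwraps it into RAM-backed storage only while the database is open, and removes the plaintext afterwards. It assumes an OpenSSL that supports `enc -pbkdf2` (1.1.1 or newer), the `keepassxc-cli open --key-file` option, and hypothetical paths and a hypothetical passphrase in `KEYFILE_PASS`. Ted's point still applies: an attacker holding the USB now needs both passwords, which is the same work factor as one longer master password; the key file's real value is against an attacker who never gets the USB, and an unencrypted key file already gives you that.

```shell
#!/bin/sh
# Added example (not from the PLUG thread or the KeePassXC project): wrap a
# KeePassXC key file in a passphrase with OpenSSL so the copy on the USB stick
# is encrypted, and unwrap it into RAM only for as long as the database is open.
# Paths, the database name and the KEYFILE_PASS passphrase are hypothetical.
set -eu

PBKDF2_ITER=600000   # PBKDF2 iteration count for deriving the wrapping key

# wrap_keyfile PLAIN WRAPPED
# The passphrase is read from $KEYFILE_PASS (environment, not argv, so it does
# not appear in `ps`). Output: salted AES-256-CBC with a PBKDF2-derived key.
wrap_keyfile() {
    openssl enc -aes-256-cbc -salt -pbkdf2 -iter "$PBKDF2_ITER" \
        -in "$1" -out "$2" -pass env:KEYFILE_PASS
}

# unwrap_keyfile WRAPPED PLAIN
unwrap_keyfile() {
    openssl enc -d -aes-256-cbc -pbkdf2 -iter "$PBKDF2_ITER" \
        -in "$1" -out "$2" -pass env:KEYFILE_PASS
}

# ram_dir: a scratch directory that lives in memory where available
# (/dev/shm on Linux), so the unwrapped key never lands on the USB or disk.
ram_dir() {
    if [ -d /dev/shm ] && [ -w /dev/shm ]; then
        mktemp -d /dev/shm/kpkey.XXXXXX
    else
        mktemp -d
    fi
}

# roundtrip_ok KEYFILE
# Returns 0 when wrap+unwrap reproduces KEYFILE byte for byte and the wrapped
# copy differs from the plaintext; used as the self-check for this script.
roundtrip_ok() {
    keyfile="$1"
    tmp=$(ram_dir)
    wrap_keyfile "$keyfile" "$tmp/key.enc"
    unwrap_keyfile "$tmp/key.enc" "$tmp/key.dec"
    if cmp -s "$keyfile" "$tmp/key.dec" && ! cmp -s "$keyfile" "$tmp/key.enc"; then
        status=0
    else
        status=1
    fi
    rm -rf "$tmp"
    return $status
}

# Demonstration with a constructed 32-byte key as a stand-in for the key file
# KeePassXC generated; a real run points at the file on the USB stick.
main() {
    command -v openssl >/dev/null 2>&1 || { echo "openssl not found; skipping demo" >&2; return 0; }
    work=$(mktemp -d)
    trap 'rm -rf "$work"' EXIT
    openssl rand -hex 32 > "$work/db.key"
    KEYFILE_PASS='AndHadATastyMuttonDinner'; export KEYFILE_PASS   # hypothetical
    wrap_keyfile "$work/db.key" "$work/db.key.enc"      # db.key.enc is what stays on the USB

    # Typical use: unwrap into RAM, open the database, then remove the plaintext.
    tmp=$(ram_dir)
    unwrap_keyfile "$work/db.key.enc" "$tmp/db.key"
    echo "would run: keepassxc-cli open --key-file $tmp/db.key /media/usb/passwords.kdbx"
    rm -rf "$tmp"

    roundtrip_ok "$work/db.key" && echo "round trip OK"
}
main "$@"
```

One caveat worth knowing before relying on this: `openssl enc` produces unauthenticated ciphertext, so a wrong passphrase is usually, but not always, reported as "bad decrypt"; the effective check is that KeePassXC refuses to open the database with the wrong key material. Also keep the wrapped file and the KeePassXC database on separate media if you want the key file to count as a second factor at all; if both sit on the same USB, the only thing the wrapping adds is a second thing to remember.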
