
I generate a keyfile, copy it from device to device, then store a copy offline. KeePass programs, like KeePassXC, KeePass, and Strongbox, can use a keyfile. There are two other PW managers that do this:

Codebook creates a sync key which is used in addition to one's master password on cloud storage. This will stop a brute force attacker cold. To obtain access to my 1Password stuff (authentication) requires my username, password, secret key, as well as either a TOTP code or a FIDO token press. It adds a third factor to authentication. Before I do a mass password change (I do this on a semi-annual basis), I rotate out the old 1Password key. It can be rotated out, ensuring that the backend database is not able to be decrypted, even if the attacker had a past version of the database along with the password and the secret key.

This is something that all PW managers should consider having as an option:

As per the link, it ensures that a theft of the backend data is mitigated, because an attacker can't just brute force a user's password, but has to get that secret key somehow.


The use of the secret key, as a part of encryption with the pass phrase is why I use 1Password.
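Added example (not from the post above, and not 1Password's or Codebook's actual scheme): a simplified two-secret key derivation, with a hypothetical `derive_vault_key` that slow-hashes the password and then binds a randomly generated, high-entropy secret key into the result, so that the correct password alone is not enough to reproduce the vault key. The iteration count, key format, and field sizes are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets


def generate_secret_key(nbytes: int = 16) -> str:
    """Make a random secret key (128 bits by default), hex encoded.

    Hypothetical format: this is what a user would copy between devices
    and keep offline, like a KeePass keyfile.
    """
    return secrets.token_hex(nbytes)


def derive_vault_key(password: str, secret_key: str, salt: bytes,
                     iterations: int = 100_000) -> bytes:
    """Combine a (low-entropy) password and a (high-entropy) secret key.

    1. PBKDF2-HMAC-SHA256 slow-hashes the password so each guess is costly.
    2. HMAC-SHA256 keyed with the secret key binds that key into the
       result, so a stolen vault plus a guessed password still yields
       nothing without the secret key. Illustrative construction only.
    """
    pw_key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, iterations, dklen=32)
    return hmac.new(bytes.fromhex(secret_key), pw_key, hashlib.sha256).digest()


def can_unlock(password: str, secret_key: str, salt: bytes,
               stored_key: bytes) -> bool:
    """Constant-time check that the supplied credentials reproduce the key."""
    candidate = derive_vault_key(password, secret_key, salt)
    return hmac.compare_digest(candidate, stored_key)


# Constructed sample: a fixed salt and secret key so the run is repeatable.
SAMPLE_SALT = bytes.fromhex("00112233445566778899aabbccddeeff")
SAMPLE_SECRET_KEY = "a3f1c9e2b7d4586f0e1d2c3b4a596877"
SAMPLE_PASSWORD = "correct horse battery staple"


if __name__ == "__main__":
    vault_key = derive_vault_key(SAMPLE_PASSWORD, SAMPLE_SECRET_KEY, SAMPLE_SALT)
    print("vault key:", vault_key.hex())
    print("right password, right key :", can_unlock(SAMPLE_PASSWORD, SAMPLE_SECRET_KEY, SAMPLE_SALT, vault_key))
    print("right password, rotated key:", can_unlock(SAMPLE_PASSWORD, generate_secret_key(), SAMPLE_SALT, vault_key))
```

Rotating the secret key (as the post describes doing before a mass password change) means the vault must be re-encrypted under the new derived key; the old key material then no longer unlocks the current data.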
