Where do you store your "most important" passwords?

Since Lastpass’s security breaches I have moved to Bitwarden as a password manager for most all digital accounts EXCEPT for the type of accounts Clark recommends we use a Chromebook for: Banking, Brokerage & Billpay. For tracking those passwords, I simply open up notepad, type the Username & password out, then print on paper WITHOUT saving the notepad document. At that point the only copy is a paper copy that I collect with others in a “secret location” at my home. No hacking that from what I can tell… HOWEVER, what if there’s a fire? I have no backup of these per se. I’m not sure I really need one as I could likely have them each reset with the right amount of identification if such a loss would occur.

Please share your ideas and thoughts about how you do it. I’m open to suggestions and criticisms as I do enjoy elevating security in many areas.

1 Like

I use a password manager (Stickypass) with sync to other devices. Thus my passwords are available if the main computer goes down. Also there are backup files so if one gets corrupted, I have archived copies.

I have an encrypted file on one of my drives which I created with Veracrypt (VeraCrypt is a free and open-source utility for on-the-fly encryption. The software can create a virtual encrypted disk that works just like a regular disk but within a file. It can also encrypt a partition or the entire storage device with pre-boot authentication.). I use the encrypted file but could encrypt a whole drive.

I also have an encrypted external cloud storage, Backblaze which allows me to store ALL my files in the cloud. So I have an encrypted file sitting in an encrypted storage (a file within a file). https://www.stickypassword.com/

I got my lifetime (sync) account at great discount through StackSocial. https://www.stacksocial.com They currently have this StickyPass program for a big discount. If you don’t need to sync passwords or access them on other computers, there is the free version.

Some passwords I use are from my Passwordcard. (A PasswordCard is a credit card-sized card you keep in your wallet, which lets you pick very secure passwords for all your websites, without having to remember them! You just keep them with you, and even if your wallet does get stolen, the thief will still not know your actual passwords.) Your PasswordCard - 3,963 printed so far!

I use Proton Pass. I have encrypted backups on two cloud services, and unencrypted backups on two USB drives in my safe, and of course the data is encrypted on two phones and a laptop. You can actually open the JSON file backups and pick out the important information. I have 300 entries, no way could I manage that by paper. Well, I used to, because I re-used the root parts of my password. No more. 20 digit random monsters, and the user names are unique too.

Curious. Do you also keep passwords for banking brokerage and bill pay in the password manager? I’m not so concerned about my credit card account getting hacked so to speak. Not so much as my 401k or my bank account. As far as accounts that are banking brokerage and bill pay, I suppose I only have a dozen or so. Thus I keep those non-digital. Am I being too cautious?

Everything is in the pw manager. No, I don’t think you’re being too cautious, but with a pw manager I can splurge with passwords like Qw57|>7s1KX><}wpc8,* which would be tough to use with paper… it either autofills, or I cut and paste it. Also the pw manager has copies of my MFA codes, so that pops up on the screen when I need it.

These really long complex passwords I change every 3 months for places where I have a lot of money. Then I have VPN, MFA, virus scan. I can demonstrate security to those firms, so if I do get hit, their money back guarantees apply.

I use Fidelity and have my account transfers locked down. Yes, someone could hack into the account I guess and sell all the stocks, but getting the money out would require them unlocking transfers first and then the transfer takes time.

All the while I would get emails and text messages that my email or phone number had changed, etc.

If you have a number of PINs for things like an ATM card and find them hard to remember, create a nondescript contact in your phone. Use the last 3 digits of the card number as the prefix and the last 4 digits as the pin. If you don’t want to get that explicit, for a Visa use a name that you would need a visa to visit, for Master Card maybe the name is Mike Chambers (First Name starting with M and last with C). For an American Express, America reminds me of Uncle Sam…

Samsung phones may also have a SECURE FOLDER where you can store things. When my friend died, I had to help his partner with financial account. Since I use StickyPass in my regular Android phone, I loaded another copy of Stickypass in the Secure folder. Thus they use different databases and to get at that password saver I have to enter yet another password and fingerprint.

Even better than an encrypted file, on my home PC I have a virtual environment of a proprietary operating system which is inside a binary file. I open and run that operating system, log in with a user name and password, bring up a database query program “actually called Query” and go into the database which is another binary file to read the data. This is steps above Jim Phelps (Mission Impossible TV character) going to a photo booth which has an out of order sign on it, placing dimes in a quarter slot to open a secret door where there is a tape recording and photos.

I use an encrypted file on my hard drive.

Brilliant

Clark Kent xxx-xxxx
Lois Lane yyy-yyyy
Lex Luthor zzz-zzzz

Many sites have you enter an answer to a common prompt which you may have to tell a Service Rep to show you are who you say you are. Things like “What is your Mother’s Maiden Name?”

Here are two answers you might want to save:

Mothers Maiden Name: “Why do you want to know?”

or

Mothers Maiden Name: “She’s dead Jim”

1 Like

I usually use names like, LadyGaGa, RoyRogers, ElmerFudd, etc.

It does not have to be accurate, just a match

2 Likes

I use eWallet. eWallet | Ilium Software

One time purchase and you can store your passwords locally on your computer and sync over your home network with your phone and other devices. Nothing stored in the cloud to be hacked. I also keep a protected Excel spreadsheet as a backup.
As for security questions the answers should always be nonsensical. Just use your password manager to generate a secure password and use that as the answer to the questions. Then save the questions and answers in your password manager.

1 Like

I use a file encrypted with VeraCrypt on my PC.

I keep the most important passwords in my head.

Me too. And I keep the file on a thumb drive, well secured.

Heh, those days are long gone…