From 1cb25d34b2c5efffd779560cde4e96a7b5231e42 Mon Sep 17 00:00:00 2001 From: David Luevano Alvarado Date: Sun, 15 May 2022 16:43:35 -0600 Subject: add entry related to password and mfa manager --- art/dst/rss.xml | 4 +- .../a/password_manager_authenticator_setup.html | 152 +++++++++++++++++++++ blog/dst/index.html | 1 + blog/dst/rss.xml | 26 +++- blog/dst/sitemap.xml | 6 + blog/dst/tag/@english.html | 4 +- blog/dst/tag/@short.html | 4 +- blog/dst/tag/@tools.html | 4 +- blog/src/.files | 1 + blog/src/a/password_manager_authenticator_setup.md | 24 ++++ 10 files changed, 219 insertions(+), 7 deletions(-) create mode 100644 blog/dst/a/password_manager_authenticator_setup.html create mode 100644 blog/src/a/password_manager_authenticator_setup.md diff --git a/art/dst/rss.xml b/art/dst/rss.xml index fdfbed2..776bd8f 100644 --- a/art/dst/rss.xml +++ b/art/dst/rss.xml @@ -13,8 +13,8 @@ Copyright 2021 David Luévano Alvarado david@luevano.xyz (David Luévano Alvarado) david@luevano.xyz (David Luévano Alvarado) - Sun, 15 May 2022 10:03:50 GMT - Sun, 15 May 2022 10:03:50 GMT + Sun, 15 May 2022 22:40:48 GMT + Sun, 15 May 2022 22:40:48 GMT pyssg v0.7.1 https://validator.w3.org/feed/docs/rss2.html 30 diff --git a/blog/dst/a/password_manager_authenticator_setup.html b/blog/dst/a/password_manager_authenticator_setup.html new file mode 100644 index 0000000..33c1830 --- /dev/null +++ b/blog/dst/a/password_manager_authenticator_setup.html @@ -0,0 +1,152 @@ + + + + + + + My setup for a password manager and MFA authenticator -- Luévano's Blog + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + + +
+ +
+

My setup for a password manager and MFA authenticator

+ +

Disclaimer: I won’t go into many technical details here of how to install/configure/use the software, this is just supposed to be a short description on my setup.

+

It’s been a while since I started using a password manager at all, and I’m happy that I started with KeePassXC (open source, multiplatform password manager that it’s completely offline) as a direct recommendation from EL LM; before this I was using the same password for everything (like a lot of people), which is a well know privacy issue as noted in detail by Leo (I don’t personally recommed LastPass as Leo does). Note that you will still need a master password to lock/unlock your password database (you can additionally use a hardware key and a key file).

+

Anyways, setting up keepass is pretty simple, as there is a client for almost any device; note that keepass is basically just the format and the base for all of the clients, as its common with pretty much any open source software. In my case I’m using KeePassXC in my computer and KeePassDX in my phone (Android). The only concern is keeping everything in sync because keepass doesn’t have any automatic method of synchronizing between devices because of security reasons (as far as I know), meaning that you have to manage that yourself.

+

Usually you can use something like G**gl* drive, dropbox, mega, nextcloud, or any other cloud solution that you like to sync your keepass database between devices; I personally prefer to use Syncthing as it’s open source, it’s really easy to setup and has worked wonders for me since I started using it, also it keeps versions of your files that can serve as backups in any scenario where the database gets corrupted or something.

+

Finally, when I went through the issue with the micro SD and the adoptable storage bullshit (you can find the rant here, in spanish) I had to also migrate from G**gl* authenticator (gauth) to something else for the simple reason that gauth doesn’t even let you do backups, nor it’s synched with your account… nothing, it is just standalone and if you ever lose your phone you’re fucked; so I decided to go with Aegis authenticator, as it is open source, you have control over all your secret keys, you can do backups directly to the filesystem, you can secure your database with an extra password, etc., etc.. In general aegis is the superior MFA authenticator (at least compared with gauth) and everything that’s compatible with gauth is compatible with aegis as the format is a standard (as a matter of fact, keepass also has this MFA feature which is called TOPT and is also compatible, but I prefer to have things separate). I also use syncthing to keep a backup of my aegis database.

+

TL;DR:

+ + + + + +
+ +
+ + + + \ No newline at end of file diff --git a/blog/dst/index.html b/blog/dst/index.html index b048273..484baa0 100644 --- a/blog/dst/index.html +++ b/blog/dst/index.html @@ -95,6 +95,7 @@

Articles
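Review bot: art/dst/rss.xml should not need to change in a commit that only adds a blog entry. In its hunk, the two replaced lines differ only in the timestamp (Sun, 15 May 2022 10:03:50 GMT becomes Sun, 15 May 2022 22:40:48 GMT), and no art item is added or edited. Consider leaving that file out of this commit, or regenerating the art feed only when art content changes, so that the history of the feed reflects real updates.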
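Review bot: in blog/dst/a/password_manager_authenticator_setup.html, the paragraph on Aegis calls the KeePass MFA feature "TOPT"; the standard's name is TOTP (time-based one-time password), and a reader searching for the term will not find it under the misspelling. The diffstat shows the text also lives in blog/src/a/password_manager_authenticator_setup.md, so the fix belongs in the Markdown source with the HTML regenerated from it. The same pass could correct "well know privacy issue", "recommed" and "as its common". The closing sentence says the Aegis database is backed up through Syncthing but not whether that backup is the password-protected one mentioned a few lines earlier; since the post notes the file holds all the secret keys, stating that would be worth one clause.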