Advanced Password Management and Storage
In the beginning sections of this paper, I talked a bit about creating strong passwords and how to store them securely. However, if your threat model places you in this final category, you pretty much need to ignore all of that and redesign your system for password management. I highly recommended Bitwarden because it is incredibly easy for all kinds of Internet users to use, while also being very secure against a malicious person trying to steal your information and identity. There are, however, quite a few issues with Bitwarden when your life depends on security and privacy. Our data is stored inside a vault that is fully encrypted with our password, but we can’t confirm that there are no backdoors because we can’t see the source code for ourselves. Secondly, Bitwarden stores your passwords in the cloud, and I would probably avoid all cloud-based password managers if I fell into this category of people. Lastly, what if they are served with a subpoena or warrant for our information? Then what?
The generated passwords are secure, but they don’t have enough randomness to give us a high enough level of security. Instead, I would recommend creating or generating passwords 19-20 characters in length for most of your online accounts, and 40-50 characters for services that deal with sensitive information/documents (SpiderOak, VeraCrypt, etc.). To create these longer 50-character passwords, one should be using Diceware and adding symbols and numbers at the beginning/end. An example of a strong random-word password could be:
%[<Humming Greek slider for Timothy star@\@182
Something like this uses 5 randomly generated words and the connecting word “for” to make a fairly memorable sentence out of them, then adds some symbols and numbers to increase the strength. An alternative method I came across while reading was to use the traditional Diceware method, but to generate 5 words and put a symbol, with a space on either side, between each word. The result would be something like this:
good * waterfall / Cambodia ; finances [ again
You would be keeping the password strength offered by the randomness of Diceware, but adding to it by throwing in 4 symbols, each padded by 2 spaces. But if you are the kind of individual who can remember a 35, 40, or even 50-character random password, all the power to you!
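As an added example that is not part of the original paper, the Python below builds the symbol-separated Diceware passphrase described above using a cryptographically secure RNG and estimates how many bits of entropy the words and symbols contribute. The word list and symbol set are constructed stand-ins; a real Diceware list has 6^5 = 7776 entries.

```python
import math
import secrets

# Constructed demo word list. A real Diceware list has 6**5 = 7776 words,
# each indexed by a five-digit dice roll; this tiny list only keeps the
# example runnable offline and must not be used for real passphrases.
DEMO_WORDS = ["good", "waterfall", "cambodia", "finances", "again",
              "humming", "greek", "slider", "timothy", "star"]

# Constructed symbol set placed between words; every symbol is chosen
# uniformly, so each one adds log2(len(SEPARATORS)) bits.
SEPARATORS = "*/;[]!@#$%^&-+=<>?"


def dice_key() -> str:
    """Roll five dice with a CSPRNG; the result indexes a Diceware list."""
    return "".join(str(secrets.randbelow(6) + 1) for _ in range(5))


def symbol_separated(words, n_words=5, separators=SEPARATORS) -> str:
    """Second scheme from the paper: N words with ' <symbol> ' between each pair.

    The spaces are a fixed pattern and add no entropy; the words and the
    symbols are the only random choices, so secrets.choice is used for both.
    """
    chosen = [secrets.choice(words) for _ in range(n_words)]
    parts = [chosen[0]]
    for word in chosen[1:]:
        parts.append(f" {secrets.choice(separators)} ")
        parts.append(word)
    return "".join(parts)


def entropy_bits(wordlist_size, n_words, n_symbols=0, symbol_set_size=1) -> float:
    """Bits of entropy from uniformly chosen words plus uniformly chosen symbols."""
    return n_words * math.log2(wordlist_size) + n_symbols * math.log2(symbol_set_size)


if __name__ == "__main__":
    print("dice roll:", dice_key())
    print("passphrase:", symbol_separated(DEMO_WORDS))
    # Five words from a full 7776-word list plus four symbols from SEPARATORS.
    print("approx. bits:", round(entropy_bits(7776, 5, 4, len(SEPARATORS)), 1))
```

With a full 7776-word list, five words give about 64.6 bits and each added symbol from an 18-symbol set adds a further 4.2 bits.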
Since we shouldn’t store our passwords in a cloud-based service, we need to look at getting one that provides the same security requirements but keeps everything in a local format that we can encrypt. Probably the best password management software out there right now in terms of security would be KeePassXC. Originally an application just called KeePass was developed (back in the early 2000s), but it only worked/works properly on Windows-based machines. Because of this, KeePassXC was created as an open-source fork of the program in 2005. It uses either 256-bit AES or 256-bit Twofish for the encryption of your KeePass vault, and because the file is portable, it can be stored on an encrypted SD card very easily. Like Bitwarden, it requires a master password for encrypting and decrypting the data, but it also allows a user to add a keyfile for added security (much like TrueCrypt and VeraCrypt do). Because KeePassXC doesn’t need access to any sort of server, with all the password management being done locally, you can firewall/block all connections to and from the program for added assurance. Check it out here: Secure Password Managers