My setup for a password manager and MFA authenticator

Disclaimer: I won’t go into many technical details here of how to install/configure/use the software, this is just supposed to be a short description on my setup.

It’s been a while since I started using a password manager at all, and I’m happy that I started with KeePassXC (open source, multiplatform password manager that it’s completely offline) as a direct recommendation from EL ELE EME; before this I was using the same password for everything (like a lot of people), which is a well know privacy issue as noted in detail by Leo (I don’t personally recommed LastPass as Leo does). Note that you will still need a master password to lock/unlock your password database (you can additionally use a hardware key and a key file).

Anyways, setting up keepass is pretty simple, as there is a client for almost any device; note that keepass is basically just the format and the base for all of the clients, as its common with pretty much any open source software. In my case I’m using KeePassXC in my computer and KeePassDX in my phone (Android). The only concern is keeping everything in sync because keepass doesn’t have any automatic method of synchronizing between devices because of security reasons (as far as I know), meaning that you have to manage that yourself.

Usually you can use something like G**gl* drive, dropbox, mega, nextcloud, or any other cloud solution that you like to sync your keepass database between devices; I personally prefer to use Syncthing as it’s open source, it’s really easy to setup and has worked wonders for me since I started using it, also it keeps versions of your files that can serve as backups in any scenario where the database gets corrupted or something.

Finally, when I went through the issue with the micro SD and the adoptable storage bullshit (you can find the rant here, in spanish) I had to also migrate from G**gl* authenticator (gauth) to something else for the simple reason that gauth doesn’t even let you do backups, nor it’s synched with your account… nothing, it is just standalone and if you ever lose your phone you’re fucked; so I decided to go with Aegis authenticator, as it is open source, you have control over all your secret keys, you can do backups directly to the filesystem, you can secure your database with an extra password, etc., etc.. In general aegis is the superior MFA authenticator (at least compared with gauth) and everything that’s compatible with gauth is compatible with aegis as the format is a standard (as a matter of fact, keepass also has this MFA feature which is called TOPT and is also compatible, but I prefer to have things separate). I also use syncthing to keep a backup of my aegis database.


By David Luévano

Created: Sun, May 15, 2022 @ 22:40 UTC

Modified: Thu, May 04, 2023 @ 03:49 UTC