65
How you all prevent Password/OTP/TOTP deadlocks?
(programming.dev)
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
much thanks to @gary_host_laptop for the logo design :)
I thought KeePass files are strongly encrypted. How are they the weakest link if you use a proper pass phrase?
A strong and unique passphrase is indeed really important here, but you need to keep in mind that once the kdbx file is in the attacker's hand, that's the only thing that keep them out.
There's no 2FA, and no throttling on the bruteforce process. So it's really important to use a strong password there to avoid it being the weakest link.
You can kind of do MFA on the database. You can require a key, which can be very long and complex, and you can store it on a USB drive. You might be able to use a key stored on a yubikey or something too, I haven't tried it. It probably depends on which KeePass variant you're using.
I use KeePass with three factors:
Works really well IMO. I use KeePassXC on Linux and KeePass2Android on Android.
I suppose they all use the same challenge-response key?
Yes, unfortunately they need to atm.