0

Please assume that I use some FOSS, SaaS, public key && passwordized private key protected password vault program to primarily store passwords of websites I rarely use (such as Q&A websites or free content enterprises), which are not very "sensitive" by means of security and that I wouldn't have any significant damage if any of these accounts would be hacked but I contemplate to save the password of my bank's website bank-account-management-account password in that password vault.

Please further assume that I store the private key in my password-protected operating system and that I have fully memorized my private-key's password.

Is there a standard about storing the password of a bank's website bank-account-management-account in a password vault?
Perhaps a better question (or a worse question) would be, is it safe to store the password of a bank's website bank-account-management-account in a password vault?

yolorolo
  • 1

1 Answers1

0

There are different approaches to storing passwords, and it might vary according to your threat model, your affinity with relevant technical tools, and the frequency at which you query the passwords.

There are hardware options, and software options, and in-usage it seems people adopt a combination of both. The standards can vary from using an air-gaped machine, on-device key, and access management protocols, to simply using a software password manager (I assume you mean password manager by the term "password vault").

You could take a look at several sfotware tools that can help you store your sensitive passwords (i.e. bank creds). From the top of my minds, I would recommend KeePass, Password Gorilla, Mozilla Lockwise, or simply your in-browser password manager. Qubes OS handles this in a more use-friendly manner, but it still requires a relatively advanced technical knowledge.

I would recommend this short read on the potential flaws of password managers, here.

Community
  • 1
sbstrkt
  • 21
  • 3