This may be a little unnecessary, but taking into consideration:

  • There are many ways to hack a computer
  • There are many ways to hack a network
  • There is always a possibility of undetected malware on a device
  • You can't be by your computer 24/7, leaving time for others to (possibly) hack your hardware
  • There is the possibility of an unknown exploit in software or an algorithm
  • There is the possibility of someone tampering with your device before you even buy it
  • There is the possibility of the government placing backdoors in common hardware
  • The government works with various companies that have access to your data (such as Google [Google Chrome & Android], Microsoft [Windows], Apple [Mac & iPhone])
  • The high possibility the government has unknown exploits to access your computer or data

What is the best way to store a password list?


The method I am thinking of includes:

  • Creating a long passphrase algorithm
  • Using the passphrase algorithm to generate a password for each account
  • Splitting the passphrase algorithm into 3 sections
  • Writing down each section of the algorithm separately
  • Hiding 1 of the lists in various spots around the house
  • Hiding 1 at a relative's house (Government can't get warrant without valid reason, or tear apart a house to find a tiny piece of paper)
  • Hiding 1 in a lockbox, given to a lawyer (Government can't break attorney/client privilege)
  • Only inputting the passwords on a secure OS such as Qubes/Whonix

Can anybody think of a better method of storing passwords? (That doesn't require complete memory and is still accessible if one were to forget the passphrase algorithm)


Okay, to clarify:

To protect against:

  • A password cracker
  • Somebody with access to the hard drive for a full day but never again (in encrypted format, with the hope there is no backdoor on the hardware to begin with)
  • A government agency raid

Not taking into account:

  • Server-side security
  • Potential backdoors in OS script (Fresh installation)

To protect:

  • Incriminating information
  • The method you devised does not take into consideration, that you stated in the consideration column. – yeah_well Dec 26 '20 at 13:54
  • "Most secure" -- the one thing you always need to be able to answer is "secure from *what?*" Once you define that, then you have something to compare against – schroeder Dec 26 '20 at 13:54
  • If it is possible to "hack" into a computer/network/account, then passwords really are not your concern. They already have the data that the password protects ... – schroeder Dec 26 '20 at 13:57
  • Okay, I clarified a bit @schroeder♦ and @yeah_well – user247973 Dec 26 '20 at 14:10
  • Where you store your password makes no difference to a password cracker. So, either your process is irrelevant or that threat is. What does "government raid" mean? If you simply mean that someone has physical access to your devices, then you can combine those 2 points. And again, that's not relevant to where you store your algorithm. – schroeder Dec 26 '20 at 14:11
  • I could respond by simply saying: no, that's not "best". The best option is to use an algorithm that you memorise -- so writing it down is not "best". So, what is it that you are trying to solve here? – schroeder Dec 26 '20 at 14:12
  • I am basically trying to create a backup method for the algorithm if one were to forget the algorithm – user247973 Dec 26 '20 at 14:15
  • Your algorithm protects the "passwords", not the "incriminating information". I think that you are trying to solve too many undefined problems at once. You don't want to digitally store your passwords, but then you devise an algorithm storage method. Those things don't connect. And why do you need to involve a lawyer? Do you want to be able to pass on the algorithm to someone else? I'm very confused about what you are trying to solve. – schroeder Dec 26 '20 at 14:15
  • There are tons of solutions to not having an easy-to-discover, physically recorded password. Like: https://www.passwordcard.org/en Keep one of those by the computer, and store a backup in cloud storage in case you lose the physical one. – schroeder Dec 26 '20 at 14:17
  • So you're saying a password cracker would not be able to crack the password card? I am not very convinced. And why was my question closed so early? I've literally got input from 2 people when there is an entire community here? – user247973 Dec 26 '20 at 14:24
  • I closed it because, as I said, it is not clear what you are trying to do, and the "entire community" has already dealt with a few of these types of questions. – schroeder Dec 26 '20 at 15:25
  • Your question, as asked, is how to store passwords so that you can remember them, but they are not in a format that someone can easily steal? We have many such questions here with lots of answers. – schroeder Dec 26 '20 at 15:29
