notes/Security/PasswordManager.md

Password Manager

This document describes my current password manager along with past managers.

Proton Pass

My current password manager of choice is Proton Pass; this is where all passwords have been migrated to, starting late 2024.

Proton Pass also stores 2FA secrets and recovery codes for services that I use 2FA with. However, I do NOT use Proton Pass for TOTP codes; that is done with the Yubikey Authenticator app.

Positives of Proton Pass

  • Email aliases
  • Uses PGP encryption (however they hold the private keys).
  • Includes apps for macOS and iOS (my primary operating systems).

Downsides of Proton Pass

  • Keyboard shortcuts (it has none).
    • To work around this, I install as a PWA (progressive web app), and use the Vimium extension to navigate with keyboard.
  • Vendor lock-in
    • Requires a subscription, but I use their mail client / services anyway.

Yubikey Authenticator

Yubikey Authenticator is used with my YubiKeys. It stores passkeys, my PGP keys, signing certificates, etc. It is used to require a hardware-bound device for important services that I use, such as banks, iCloud, etc.

All TOTP (time-based one-time passwords, the 6-digit codes they ask for when using two-factor authentication [2FA]) should be managed by Yubikey Authenticator. They were previously managed in Proton Pass; however, using a YubiKey requires the hardware key to be in my possession and activated with a security PIN in order to use the TOTP values.

The 2FA secrets are stored in Proton Pass, so that they can be set up on my backup YubiKey and / or set up on other password managers in the future, if desired.

Note: As of the time of this writing, I'm very new to using YubiKeys, so I don't have good pros / cons of this solution yet.

Gopass

Gopass is a terminal-based password manager that uses PGP encryption.

Gopass stores passwords in git repositories; all passwords are encrypted with my PGP keys. This stores passwords that I want / need to get to quickly and easily when working in my terminal. It is not a complete list of passwords, as there are no great integrations with browsers.

Most passwords I store in Gopass are duplicated to Proton Pass as that is a more user friendly interface in the event that something happens to me and someone else needs to access my passwords.

Gopass is where most passwords are stored for internal services that run on the company servers. It does require that PGP keys are set up to use it, which may be more useful now that the PGP keys are stored on my YubiKeys; however, I could not completely rely on this password manager (especially when setting up a new computer) because I don't initially have access to Gitea (my internal git server) until some setup is done on a new machine.

Cons of Gopass

  • If you lose access to your PGP keys, you will lose access.
  • Migrating to new PGP keys is a bit of a PITA.

Previous Password Managers

  • pwSafe (still has some company passwords stored in it from when the company was started)
    • Not all passwords have been migrated, so this needs to stay around.
  • macOS/iOS Passwords (all passwords have been deleted from this manager, except Proton's password)
    • All passwords deleted 03/2025, except Proton (kept the Proton password, in case it's needed when setting up a new machine).