general password privacy advice re: twitch hack 

you should have all of your passwords be different, randomly generated, and stored in some secure database.

for people whose threat models require offline storage (read: almost nobody), there's KeePassXC, but in most cases you should be using a third-party cloud password database since it helps ensure you don't lose it. you also should be using a browser extension to auto-fill passwords, since it's both convenient and adds an extra layer of protection by not putting passwords in the clipboard by default.

I recommend BitWarden since it's cheap, open-source (and hence easily auditable by third parties), and has pretty nice browser extensions and mobile apps, but there are also people who use 1Password and LastPass, both of which have been vouched for by security folks

if you're the kind of person who likes remembering passwords, I recommend using the built-in generator for your password DB, since most of them offer passphrase options which will be easier to type out manually if needed, but still doesn't have to be remembered. see:

most password database tools also offer storing 2FA secrets as well, meaning that you can use it like an automatically backed-up authenticator app. in most cases, instead of scanning a QR code, you can copy the secret token for the 2FA directly and store it in these databases, while still being able to generate the numbers needed for most apps.

general password privacy advice re: twitch hack 

@clarfonthey i use keepassxc combined with a file synchronization service (nextcloud in my case), is this a good idea?


re: general password privacy advice re: twitch hack 

@devurandom in general: not really. the apps for keepass aren't nearly as good as the alternatives, and pretty much all the alternatives offer keepass import. you still have the issue of making sure you have the right version of the database also which means in some cases you can deal with passwords lost

that said, for someone more tech-savvy, it's not as big of a deal. for someone like my mother, who I introduced to KeePass years ago, I helped transition her to BitWarden since the better user experience was 100% worth it. it's very easy to migrate over the whole database.

Sign in to participate in the conversation

On the internet, everyone knows you're a cat — and that's totally okay.