Re: [qubes-users] Password management best practices for mid-grade tinfoil hats
On 21/06/16 21:53, Alex wrote: > I have a keepassx instance for each trust domain (eg. Personal, untrusted and > so on). The massively long passphrases that unlock these instances are kept > in the isolated vault VM, along with really sensitive stuff that I don't need > readily accessible to my networked VMs - eg. master encryption keys, gpg > personal keys, 2FA override codes and the like. > > I have stopped storing passwords in the Firefox password manager as there > have been practical attacks against it that to me feel are easier to land > than an attack against keepassx. > If you are storing your bank passwords on your bank domain or your mail password on your mail domain, password managers from apps like Firefox or Thunderbird are safe. Specially if your domains are blocked for only connect to bank/mail servers. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/2ea5a1b1-2b0d-18ec-5c99-f577558bdc5e%40riseup.net. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Password management best practices for mid-grade tinfoil hats
On 06/21/2016 11:13 AM, stephen.wick...@gmail.com wrote: As I'm moving from OS X to Qubes, gradually, I wanted to get a feel for best practices for management of passwords. Qubues has KeePassX. Should I trust that over the Firefox password manager? Or pretty similar? Would it be a good idea to keep the password manager in a non-networked VM? Or am I growing my tinfoil hat from mid-grade to high-grade? ;) Thanks for your thoughts. Qubes best practice is to use a non-networked 'vault' vm for holding passwords and keys. You can run keepassx in vault and use Qubes copy/paste between that and other vms. Whether it is 'safe' to store passwords in firefox has a lot to do with how sensitive the password is, and how much risk you're taking with that vm. If you're just randomly browsing the web with that vm, then I would not store passwords there for anything other than trivial accounts. Chris -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d3226d23-a0c7-296d-196f-4bf1003a98f2%40openmailbox.org. For more options, visit https://groups.google.com/d/optout.