For World Password Day today 🔑✨

Here again is my tutorial on
how to install the excellent local-only password manager KeePassXC (with a YubiKey)!

This is what I use to store all my passwords! 🔑🔑🔑🔑🔑

My only disappointment is not starting to use it earlier. Keep your passwords safe! For free! And offline!

https://infosec.exchange/@Em0nM4stodon/114184594797507039

#WorldPasswordDay #Security #Privacy #KeePass #KeePassXC

Em :official_verified: (@Em0nM4stodon@infosec.exchange)

New Privacy Guides article 🔐✨ by me: If you want to keep your password manager local-only, KeePassXC is a great solution! It's free, Open-source, Easy to install and use, Doesn't require an account, Works on Linux, macOS, and Windows, And the team is here! 👉 @keepassxc@fosstodon.org Here's how to set it up with a YubiKey: https://www.privacyguides.org/articles/2025/03/18/installing-keepassxc-and-yubikey/ #PrivacyGuides #KeePassXC #Privacy #Security #PasswordManager #Passwords #FOSS

@Em0nM4stodon Cosigned! KPXC is my trusted secret store as well.

@Em0nM4stodon I ❤️ KeePassXC, donate monthly via OpenCollective too.

https://keepassxc.org/donate/

Donate – KeePassXC

KeePassXC Password Manager

@heymarkreeves Awww yes, absolutely! Thanks for this link 🥰👍

@Em0nM4stodon ditch the online password managers!

That being said, I cheated 🤪. My keepass file is stored in my nextcloud server, that's only accessible via wireguard. So that's how I sync my passwords across devices 😅

@4bz An excellent solution! 👍 I don't personally use synchronization (I don't really need it) but I do also keep a remote copy of my password databases on an encrypted cloud service.

I absolutely love having the choice of where I store that file, or not.

@Em0nM4stodon KeePassXC is fantastic. I definitely recommend it, especially for World Password Day.

I want to add something on the topic of backups: Keep an eye out for any dependency loops you might create when backing up your database. For example, if the password to access the cloud storage account storing your backup is stored in that same database, you will get stuck if you get signed out and don't have a local copy handy.

@logan Ah yes indeed! A very important point to keep in mind!

@Em0nM4stodon
I have used offline password managers, but I like to use Proton Pass at the moment. I know it is an online option, but I have a fair amount of trust in the organization and their technical skills around privacy, even with the occasional controversy. I have explored the controversies as they come up and have yet to find any that are based on anything more than hearsay or something taken out of context, etc. Maybe at some point I will go back to offline password managers, who knows.
https://proton.me/pass
Proton Pass: Free password manager with identity protection | Proton

Store, share and sync passwords, passkeys, email aliases, and more, on any device, with our open-source, free password manager. No trials, just free forever.

@Em0nM4stodon check out the "have I been pwned" integration too!

@Em0nM4stodon There's a great browser extension for keepassxc.

@Em0nM4stodon KPxc on all the desktop OSs, https://apps.apple.com/us/app/strongbox-password-manager/id897283731 on my Apple mobile crap and Nextcloud to sync.
Strongbox - Password Manager

Strongbox is an application for keeping all your passwords safely stored and protected by one master password. Supporting the open source Password Safe and KeePass formats. *** Features *** - Touch ID & Apple Watch Unlock for the ultimate in convenience, security and speed. - Passkey support - Th…

@Em0nM4stodon
I thought I would add a second story on password managers, I find this site helpful as well as @privacyguides

Their name is Electronic Frontier Foundation @eff@mastodon.social

Choosing a Password Manager
https://ssd.eff.org/module/choosing-the-password-manager-that-s-right-for-you

I have been considering using an authentication key or app, but I would lean more to open source apps that can and have had their code audited by a third party looking for weaknesses. I haven't decided on one yet.

Password breaches are a common occurrence, and if you use the same password on every site, that may grant access to bad actors who try out that password elsewhere to get into your accounts. The best way to protect yourself is to use a unique password everywhere (and two-factor authentication,...

@Em0nM4stodon Thanks for posting this, finally going to switch!

@Em0nM4stodon Excellent. Everyone, which NFC based key do you use for unlocking, if any?

@carstenraddatz KeePassXC is for desktop only, so less likely to require NFC, but I do use a YubiKey 5 NFC: https://www.yubico.com/ca/product/yubikey-5-nfc/
USB-A YubiKey 5 NFC Two Factor Security Key | Yubico

Protect yourself from account takeovers with the efficient, multi-protocol YubiKey 5 NFC. Go passwordless with our NFC capable security key.

@Em0nM4stodon Erm, yes, my bad. I meant to ask about KeePassDX for mobile. Will that unlock via NFC?

@carstenraddatz I unfortunately am not familiar with KeePassDX on mobile.

@Em0nM4stodon Thank you for helping me clear up my confusion.

@carstenraddatz Very happy to clarify this if it helped! It is indeed very confusing with all the KeePass compatible applications using such similar names. Completely understandable! Sorry I can't help with KeePassDX.

@Em0nM4stodon
I've been using KeePass in conjunction with NextCloud for years. It's a really good solution. I don't have to trust and rely on third parties to keep my passwords safe and nextcloud keeps it synced across devices.

I'm not a big fan of hardware tokens, though, unless you really need the added security. They are too easily lost or damaged, and using them on a mobile device would get really old really fast.

@Em0nM4stodon what about using @nitrokey to be open-source?

@blueluma Unfortunately not supported in this context yet.

@Em0nM4stodon what do you mean by "not supported"?
There is nothing preventing someone from encrypting their KeePassXC database with a nitrokey 3 (https://docs.nitrokey.com/software/nk-app2/keepassxc), is there?
KeePassXC - Nitrokey Documentation

@blueluma Ah yes, but for this tutorial I only recommended what was officially supported by KeePassXC's documentation at the time of publication.

I cannot test all possible settings for each app or I would probably spend the whole year working on only one article ;)

You can see in this section that KeePassXC recommends either YubiKey or OnlyKey, but of course that doesn't mean other setups might not work too: https://www.privacyguides.org/articles/2025/03/18/installing-keepassxc-and-yubikey/#step-5-add-your-yubikey

Also here from KeePassXC's documentation: https://keepassxc.org/docs/#faq-yubikey-2fa

KeePassXC + YubiKey: How to set up a local-only password manager

This tutorial demonstrates how to install the local-only password manager KeePassXC and secure a password database with YubiKey.