Thread

Same I just use PGP usb drive + fprintd pam module.

👆This guy Linuxes!

Hi, I use KeepassXC and have a good, long master password which I know by heart. In my experience, if you use it regularly, this should not be an issue.

I am never using biometrics for things. Biometrics, at least in the US, at NOT protected by law, and thus, anyone using fingerprints or faces can be compelled to unlock their devices with the use of those. Passwords still enjoy some privilege under the law. Once every couple of weeks would be better than every effing time. Ugh. I am not sold on using a hardware key, either. They are easy enough for me to misplace, and if I have them on my person that just makes it easy for the donut squad to unlock whatever. *sighs* I hate all of this.

Fair enough. A $5 wrench is one of the most accessible "hacking" tools around, and a lot of people fail to consider it: https://xkcd.com/538/ To be fair to Yubikey, you can have multiple keys and "cold wallet like" backups, as well as good rotation procedures if you lose one. Plus you can setup things so that sessions last longer and you don't need to carry your keu with you (at the cost of security, of course). This still won’t protect you from a $5 wrench, but even though I’m a big guy, I don’t think keeping a password stored in my head offers much additional protection if things really get rough... On the convenience vs security scale, maybe what works best for you is a password that’s easy to glide type: https://xkcd.com/936/ And since this post includes not one but two XKCD references, you know it’s solid advice 🤣🤣.