
I have finally decided to move to a proper password manager. But it's kinda scary, you know, to export all your passwords into one place, and if you mess up a bit you might lose all of your passwords, especially when they say that once I lose my master password there is no way to recover it.

So, what are some precautions I should take before moving to Bitwarden? Did you ever lose your account? Share your experiences.

[-] uuj8za@piefed.social 11 points 1 day ago

I would use a passphrase instead of a password. Make it a meaningful phrase and it'll be hard to forget.

I had a password that I committed to muscle memory once... and then my muscle memory disappeared and my brain memory didn't remember it... and... it was not good... 😅

Passphrase, 1000%. I've never had trouble remembering my passphrase.

[-] JayGray91@piefed.social 3 points 21 hours ago

Do you have a system, or I guess I can say a cipher, for using passphrases? I have one, but then I thought: what if someone social engineered my cipher, figured it out from whatever breaches, or I forgot it?

Now I just use Bitwarden to generate passphrases. At least I can remember that for 30 seconds when there are sites or apps that somehow block autofill. And to never forget the master password.

[-] new_guy@lemmy.world 25 points 1 day ago

I don't think there are many mistakes to be made.

Just:

  • don't use a weak master password
  • don't forget it
  • don't share it
  • don't reuse it
  • make sure to use it only on verified Bitwarden apps

Password managers are actually easier to use than not using them.

[-] LastYearsIrritant@sopuli.xyz 21 points 1 day ago

Write it down on paper and keep it safe. You don't have to label it with what it is.

Just don't save it electronically.

[-] zerozaku@lemmy.world 5 points 1 day ago

I don't usually write stuff on paper and feel I might never remember that I've written my password somewhere on a paper. But yeah, I guess it's better to write it down and have it somewhere than not write it at all.

[-] LastYearsIrritant@sopuli.xyz 9 points 1 day ago

There are things you should keep safe: birth certificate, marriage license, car titles, etc.

Buy some sort of paper storage thing and keep everything safe there.

https://www.ready.gov/sites/default/files/2020-03/fema_safeguard-critical-documents-and-valuables.pdf

Ideally, it should be something that you can grab and bring with you in an emergency, but not something easy for someone to steal. Something like a fire safe that has a cable that can wrap around something secure, but relatively easy to unlock in case of disaster.

[-] mrbn@lemmy.ca 3 points 1 day ago

You can tell me what it is and I'll remember it for you /s

[-] sic_semper_tyrannis@lemmy.today 12 points 1 day ago

Make backups and store them in a secure location.

[-] blackbrook@mander.xyz 10 points 1 day ago

Make multiple backups and store multiple places.

[-] ultranaut@lemmy.world 6 points 1 day ago

I don't think it's been mentioned here yet, but having a YubiKey configured for your Bitwarden account can be really handy.

[-] W98BSoD@lemmy.dbzer0.com 4 points 1 day ago

Use 2FA. Keep any recovery codes safe (preferably in a safe with your important paperwork).

[-] schwim@piefed.zip 7 points 1 day ago

I've used a password manager for many years (1password then bitwarden) and have never had an "oh shit" moment. I use a master password that I'll never forget, have never needed a hint and have never lost or corrupted a password. I feel that as long as you treat your password manager as something that's important and deserves your careful management, you'll be a-ok. I have never once had an issue that was created by the manager itself.

[-] Vengefu1Tuna@lemmy.zip 1 points 14 hours ago

Out of curiosity, why did you switch from 1password to bitwarden?

[-] schwim@piefed.zip 3 points 13 hours ago

Not for any reason having to do with security or usability, 1P had always been great for me in those areas. The reason I left them is because, while I was fine being unimportant in regards to their future improvement plans, when they wanted to charge me 30% more for new features that only benefited their business users, I was unwilling to stay with them. This article is a good example of what I mean. An entire update post regarding all the changes for business users and for the personal user? It goes on to say "don't worry, your experience won't be negatively impacted". I will never agree to that kind of price hike for what is basically "we won't make your experience shittier".

https://1password.com/blog/a-unified-future-whats-next-for-our-end-user-experience

[-] DeathByBigSad@sh.itjust.works 3 points 1 day ago* (last edited 1 day ago)

Tip for passwords in general:

Create a password, but don't actually use it yet.

Like... make an empty account for Bitwarden (or if you use KeePass, make an empty database) with that password, then keep logging in every 5 minutes or so... for like 3 times... then log in like every hour or so for like 3 hours... then every 6 hours...

etc...

Make sure you spend like 1 or 2 days doing this routine... of logging in every X time to get it committed to memory...

THEN, after you know it's memorized, start using the Bitwarden account (or KeePass database).

Also, if you are using Bitwarden, pay like one time for the premium (it's yearly, but you can cancel the renewal).

Set up emergency access to another Bitwarden account with a secondary email.

Then add that secondary Bitwarden account as your Primary's Emergency Access contact.

Then write the SECONDARY account's Email address, Email Password, and Bitwarden Password, on a piece of paper.

Set it for like X time, then check your email for your primary account every X/2 days (if you set it as 14 days for recovery, check it at least once every 7 days) to make sure nobody got your piece of paper and is trying to steal your passwords.

You can store it in a bank safe... or just in a drawer somewhere at home is fine too. Even if a roommate/family member gets it, you get a notification if they try to do emergency access...

This protects you from randomly getting retrograde amnesia...

And this is better than actually writing your PRIMARY account's login details down, because it gives you a 14 day buffer (or whatever days you set it to) before someone can actually make use of those credentials...

And AFAIK, you only need premium to add an emergency contact; you don't need premium for future years to keep it working.

[-] alakey@piefed.social 5 points 1 day ago

Do you have a family member or a close friend who is tech savvy and is also using BW? If yes - you could set up an emergency access, so that they can initiate an account takeover should you somehow entirely lose access to everything and need it recovered. The original intent is to take control of an account of a deceased person.

If that's not an option - just save your master PW somewhere offline. Another person suggested paper, but honestly evaluate your own threat levels and consider having an offline backup of it on a device that never connects to the internet (e.g. a flash drive that you only connect with the internet turned off). You can also make an offline export of your vault onto that USB in case you get locked out and need at least your data recovered. Generally don't overthink your master PW; a 10 word passphrase with a number is good enough, if it's not a grammatical sentence - even better, and it doesn't even have to be in English. There are also ways you can "salt" your PW in addition: say your PW is hello-friend-joke-inventing5, you can save it as housing2-hello-friend-joke-inventing500 and just remember to remove the extras. If you are not specifically targeted and don't click on phishing links, then honestly even if you save your master PW in your own BW vault nothing will happen, even less so if it's salted.

The only way to truly mess up your vault is to change keys without logging out your devices, but BW explicitly warns you at each step of that process, so it's up to you not to ignore the warnings.

[-] uuj8za@piefed.social 3 points 1 day ago

you could set up an emergency access

Oooh, huh. TIL https://bitwarden.com/help/emergency-access/

[-] HubertManne@piefed.social 1 points 1 day ago

Only keep unimportant passwords in an online manager. Important ones, keep in an offline manager.

[-] zerozaku@lemmy.world 1 points 1 day ago

One follow-up question: can the Master Password hint be extremely obvious, or should I make it a bit trickier to enhance the security?

[-] uuj8za@piefed.social 1 points 1 day ago

Master Password hint be extremely obvious

Given that Bitwarden is on the cloud, where the whole world can access it, I'd say no...

[-] schwim@piefed.zip 3 points 1 day ago

Making the MP hint obvious makes it pointless, in regards to the security of every password you have stored.

[-] zerozaku@lemmy.world 1 points 1 day ago

It's kinda the only source to my MP, and not making it kinda obvious might lock me out, is my thinking.

[-] schwim@piefed.zip 5 points 1 day ago

I understand your point, but if it's obvious, it's likely easily guessable, and although you are thinking in terms of regaining access to your account, it's just as important to keep other people from being able to gain access to your account by either guessing it or using social engineering to retrieve the answer.

this post was submitted on 11 Apr 2026
54 points (100.0% liked)

Ask Lemmy
