this post was submitted on 05 Jul 2024
736 points (99.2% liked)
Technology
59128 readers
2569 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
As far as I'm aware, the aegis database format is only used by them. You also can't do an automatic import (only export), so keeping multiple systems in sync (particularly more than 2) can only be tedious.
If that's what you're after, just use a KeePass database, in particular if you're already using one anyway. Most clients can sync with a remote storage (like Keepass2Android or KeePassXC on multiple platforms), and I do mean real sync: Both sides can have modifications, and it'll consolidate them correctly (of course unless both have modified the same entry, then you'll be prompted). Just throw the database onto a nextcloud or something, as the clients can also usually talk to that directly without another app doing the file transfer (at least Keepass2Android can).
BitWarden has a pretty good reputation, and is a frequent recommendation as well. But then again, so was Authy... With your own VaultWarden as the backend (if you can easily host that yourself) it would be a no brainer as a near universal solution. And this would probably also be "secure enough" for normal, everyday purposes. It can import and export a KeePass database btw, if that helps.
Since I haven't actually said anything about how I'm handling this, here's a quick summary: Critical accounts use a complex password (stored in my password manager) and the 2FA is only stored in Aegis. There are generally backup codes on paper stored "somwhere safe", if this is supported by the service (google does, steam does, ...). On any account that just happens to require 2FA, but I don't use it for anything critical, the TOTP is just stored inside my password manager, for convenient auto-filling. Examples are a Twitch account (I don't stream, I just happen to have an account for chat and stuff). My password manager is also KeePass-based and used on multiple systems, sync'd via nextcloud and with a mf'er of a password (plus an additional factor). I generally don't reuse passwords anymore, at all, ever: They are generated, at least 24 characters long (usually longer) unless the service prohibits passwords of that length (yes, this happens, surprisignly often actually). The password database is of course backed up in like 3+ different locations, and some are located somewhere physically different (i.e. not at home).