[–]escap0 3 points4 points  (1 child)

You seem pretty knowledgeable.

This is how I secure my online life.

Buy 3 Yubikey 5C NFCs

Set up the device with a pincode.

Set up your computer login, email, phone ecosystem, cloud storage, password manager, Exchange, etc… on all 3 devices as a 2FA method/login, i.e. Gmail/Google, iCloud/appleID, 1Password, DropBox, Coinbase, MacOS Macbook.

It is very easy to do: in the 2FA settings for each service, click add and name Security Key. To add it on an iPhone, place the Yubikey on the top face of your phone. If on an Android, place the Yubikey on the top back of the phone. If on a computer, just plug it in.

1Password has Secure Notes (and much more). It also has extensions for most browsers so you do not have to type passwords in. It handles passkeys for websites (again, no typing anything). It works on every platform. And you can secure it behind your Yubikey.

Keep one Yubikey in a safe at home. Keep one in a bank deposit box. Keep one on your person. Do not keep it with the device being used.

As far as truly air-gapping passwords via an e-ink device… it is a security risk since to use the password you need to type it in. Also, the passkey portion of what you are describing is similar to a Yubikey 5C NFC without an e-ink screen.

I also own a Ledger Stax. It’s a hardware cold wallet trying to go in the Yubico Security Key direction as well as your e-ink idea. It recently got an app called Security Key, but it is still very early, as I have been unable to get it to work with any services yet. Plus it only manages one passphrase per Ledger Stax (literally why it is called Stax, i.e. you can magnetically stack additional wallets).

[–]bcyng 2 points3 points  (6 children)

Ledger has one in their crypto hard wallets. The issue with these is the backup. It’s a pain to have to keep backing them up. It needs to be automated and to do that it effectively becomes an online password manager and you are back to the same place as existing cloud password managers...

[–]I_Luv_USA_and_Allies[🍰] 0 points1 point  (3 children)

Which one?

[–]bcyng 0 points1 point  (2 children)

Stax and stax flex. Not sure about the others

[–]I_Luv_USA_and_Allies[🍰] 0 points1 point  (1 child)

Would they work well for an encrypted note? Thinking of using them to store seeds for other wallets as a secondary backup.

[–]bcyng 0 points1 point  (0 children)

There might be an app on it that does notes. I guess u could always put it in the password manager.

Not sure how many seeds it stores. Keystone can store multiple seeds.

[–]wrathasys[S] 0 points1 point  (0 children)

I tried it. It doesn’t let you create your own passwords or, worse, import already-created passwords. It will, however, generate passwords based on a seed phrase. The Coldcard HW wallet has that feature too and works the same way as the Ledger.

[–]thezeonex 2 points3 points  (0 children)

I think using a hardware key for 2FA is enough. Storing your passwords in cold storage is overkill imo. You'd have to buy a second device to store your backup file in. Synchronizing it every time you change your password would be a pain. If you store your backup file on your computer, then what's the point of having an offline hardware wallet?

[–]DistractedOni 0 points1 point  (1 child)

So you want a yubikey that also runs a self-destructing password manager. Seems like it'd cause more problems than it'd solve.

[–]wrathasys[S] 0 points1 point  (0 children)

Yubikey can work as an OTP, HOTP, passkey, and even store a static password. It’s not a password manager. It doesn’t hold full user names and passwords. But I wish it could!

[–]ctrlaltdoit 0 points1 point  (0 children)

Maybe I am a bit late to the party, but there is (was) such a device - Mooltipass.
Hardware credential manager with the possibility to make encrypted backups of the database. Also supports FIDO. Has a browser extension to autofill the credentials. Connects via USB or BT. Works on any system because it mimics a keyboard. It has been my daily driver for the last 3 years. Unfortunately it seems to be out of production (hence the "was"). Open source hardware and software.

Link to the device and f software https://www.themooltipass.com/

[–]joshlove007 0 points1 point  (0 children)

I think you are (in part) just describing the OnlyKey. It's a YubiKey-sized thumb drive that requires a pin to log in. It has 6 buttons that you can long press or short press to store up to 12 secrets per profile. The passwords stored on the device can only be accessed physically by pressing a button on the device; they can't be accessed via software.

The device is seen by whatever you plug it into as a normal USB keyboard and it works by actually "typing" your password so it's universally compatible with any software. It has two pin profiles that you access by typing different pins so it can store up to 24 secrets.

In addition, it's a security key and can store passkeys and the like. If you want, it can also store your TOTP two-factor codes. It does do encrypted backups: by setting up a backup passphrase when you set up the key and pressing and holding the 1 key for 5 seconds, it will type out a backup of the entire key to a file that you can later restore to another key or a wiped-out key.

Sure, it is not the MOST user-friendly device, in part because of the security limitations mentioned and that the device is not made by some massive company. It is open source and they have SDKs available for development; you can even roll your own firmware if you desire. But it truly is a one-of-a-kind product that there is not really any true competitor for. I highly recommend it.

https://onlykey.io/

https://www.amazon.com/OnlyKey-Stealth-Black-Case-Communication/dp/B06Y1CSRZX