Ask HN: How do you structure your password manager and TOTP email accounts?
Currently the email account I use for my Bitwarden account is the same as the one I use for my Authy account. In addition, the password for the Authy account is in the Bitwarden account and 2FA for the Bitwarden account is in that Authy account. This seems like a circular dependency and a disaster waiting to happen.
I am thinking this is how I should structure it:
- Email (E1) for the Bitwarden account (B1).
  - preferably this is a paid email like ProtonMail/Fastmail
- Email (E2) for the Authy account (A1) that has only B1 TOTP added.
  - preferably this is a paid email like ProtonMail/Fastmail
- Email (E3) for my critical accounts like banks and other financial institutions
  - preferably this is a paid email like ProtonMail/Fastmail
  - password for this email account as well as the financial accounts are stored in B1
- Email (E4) for all other non-critical logins
  - This can be a Google account
  - Password for this email as well as the other accounts are stored in B1
- Email (E5) for another Authy account (A2) to store TOTP for all accounts created in E3 and E4
- Passwords for E1, E2, B1, A1 and A2 are never stored in any digital medium
  - At most it will be in a physical form at my home
How are other people who like to go that extra distance structuring theirs?
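The circular dependency described in the post, and the proposed layout, modeled as a recovery-dependency check (an added example, not part of the original post). It assumes secrets that are memorized or kept on paper are always available, that the Bitwarden master password is one of them, and that the A2 line covers the accounts registered under E3 and E4; the item names are illustrative.

```python
PAPER = "paper"  # secrets that are memorized or written down at home

def recoverable(deps):
    """Items that can be opened starting with nothing but PAPER."""
    opened = {PAPER}
    progress = True
    while progress:
        progress = False
        for item, needs in deps.items():
            if item not in opened and needs <= opened:
                opened.add(item)
                progress = True
    return opened - {PAPER}

def locked_out(deps):
    """Items that stay closed after losing every logged-in device."""
    return sorted(set(deps) - recoverable(deps))

def find_cycle(deps):
    """Return one dependency cycle as a list, or None if there is none."""
    state = {}  # item -> "visiting" or "done"
    def visit(item, path):
        state[item] = "visiting"
        for need in sorted(deps.get(item, ())):
            if state.get(need) == "visiting":
                return path[path.index(need):] + [need]
            if need not in state:
                found = visit(need, path + [need])
                if found:
                    return found
        state[item] = "done"
        return None
    for start in sorted(deps):
        found = visit(start, [start]) if start not in state else None
        if found:
            return found
    return None

# Current setup from the post (memorized master password is an assumption).
CURRENT = {"Bitwarden": {PAPER, "Authy"}, "Authy": {"Bitwarden"}}
# Proposed setup from the post; E1/E2/E5 mailbox recovery is not modeled.
PROPOSED = {
    "A1": {PAPER}, "A2": {PAPER}, "B1": {PAPER, "A1"},
    "E3": {"B1"}, "E4": {"B1"},
    "accounts on E3": {"B1", "A2"}, "accounts on E4": {"B1", "A2"},
}

if __name__ == "__main__":
    print(find_cycle(CURRENT), locked_out(CURRENT), locked_out(PROPOSED))
```

Moving any paper-only secret into B1 (for example the A1 password) reintroduces the lockout, which the same check reports.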
I have memorized my master password. I have written it down in a couple of books as well. I never take those books out of home.
All my other passwords are in plain text files (encrypted with the master password) on my computer. It works fine. I don’t trust third party software to store my passwords, and anything open source doesn’t beat my plain text file tbh.
Do you have a solution for cross device syncing? Say you need to access a password for an app.
Not really. But I log in to the app(s) once usually, and never log out.
I personally would not like the complexity of one Bitwarden account, two Authy accounts, and five email accounts! I wonder if your current desire to "go that extra distance" now would fade, and in the future the complexity of your proposed structure would lead to problems.
You are correct; that certainly is possible - this setup was my engineer's instincts for maximum modularity and separation.
My ideal password manager and TOTP account feature would have been something that allows a random username as the account key and does not require any email. That would have cut down the emails to only 2.
But all these password managers and 2FA accounts require email - I would have guessed a random username would be harder to crack and would be better anonymized.
A great way to go about it is workflow and impact if the account was breached or access was lost. For me, most services don’t matter that much although I use OTP if I can. I have the main password database somewhere, and for less impactful services and often used ones, they are on the keyring system (protected by disk encryption). And keys have passphrases.