Ask HN: How do you structure your password manager and TOTP email accounts?

4 points by redditor98654 5 days ago

Currently the email account I use for my Bitwarden account is the same as the one I use for my Authy account. In addition, the password for the Authy account is in the Bitwarden account and the 2FA for the Bitwarden account is in that Authy account. This seems like a circular dependency and a disaster waiting to happen.

I am thinking this is how I should structure it:

    Email (E1) for the Bitwarden account (B1).
        preferably this is a paid email like protonmail/fastmail

    Email (E2) for the Authy account (A1) that has only B1 TOTP added.
        preferably this is a paid email like protonmail/fastmail

    Email (E3) for my critical accounts like banks and other financial institutions
        preferably this is a paid email like protonmail/fastmail
        passwords for this email account as well as the financial accounts are stored in B1

    Email (E4) for all other non-critical logins
        This can be a Google account
        Passwords for this email as well as the other accounts are stored in B1

    Email (E5) for another Authy Account (A2) to store TOTP for all accounts created in E3 and E4

    Passwords for E1, E2, B1, A1 and A2 are never stored in any digital medium
        At most it will be in a physical form at my home

How are other people who like to go that extra distance structuring theirs?
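Added example, not from the thread: model each account's access dependencies (password stored where, TOTP held where, recovery mailbox) as a directed graph and check it for the circular dependency the post describes, then measure how many secrets sit behind a given login in the proposed layout. Account labels are the post's own; "E0" for the current shared mailbox, the edge lists, and treating E5 as memorized are assumptions about what the post leaves unsaid.

```python
# Added example: dependency-graph check for a password manager / TOTP
# account layout. Labels follow the post; "E0" and the "memorized" leaves
# are assumptions about details the post does not state.
from collections import defaultdict

def find_cycle(deps):
    """Return one cycle as a node list (first == last), or [] if acyclic.
    deps maps account -> set of accounts needed to log in to or recover it."""
    WHITE, GREY, BLACK = 0, 1, 2
    colour, stack = defaultdict(int), []
    def visit(node):
        colour[node] = GREY
        stack.append(node)
        for dep in deps.get(node, ()):
            if colour[dep] == GREY:          # back edge: dependency loop
                return stack[stack.index(dep):] + [dep]
            if colour[dep] == WHITE and (cyc := visit(dep)):
                return cyc
        stack.pop()
        colour[node] = BLACK
        return []
    for node in list(deps):
        if colour[node] == WHITE and (cyc := visit(node)):
            return cyc
    return []

def depth(deps, node, memo=None):
    """Longest chain of secrets needed to reach `node` (acyclic graphs only)."""
    memo = {} if memo is None else memo
    if node not in memo:
        memo[node] = 1 + max((depth(deps, d, memo) for d in deps.get(node, ())), default=-1)
    return memo[node]

# Current setup: Authy's password is in Bitwarden, Bitwarden's 2FA is in
# Authy, and both share one mailbox (called E0 here; assumed memorized).
CURRENT = {"Bitwarden": {"Authy", "E0"}, "Authy": {"Bitwarden", "E0"}, "E0": set()}

# Proposed setup. E1, E2, B1, A1, A2 are "never stored digitally"; E5's
# storage is not stated in the post, so it is assumed memorized here.
PROPOSED = {
    "B1": {"E1", "A1"},          # recovery email E1, TOTP held in A1
    "A1": {"E2"}, "A2": {"E5"},
    "E1": set(), "E2": set(), "E5": set(),
    "E3": {"B1"}, "E4": {"B1"},  # mailbox passwords stored in B1
    "bank": {"B1", "A2", "E3"},  # password in B1, TOTP in A2, mail E3
    "other": {"B1", "A2", "E4"},
}

if __name__ == "__main__":
    print("current:", find_cycle(CURRENT) or "acyclic")
    print("proposed:", find_cycle(PROPOSED) or "acyclic", "- bank depth", depth(PROPOSED, "bank"))
```

The current layout reports the Bitwarden/Authy loop; the proposed one is acyclic but puts four secrets between you and a bank login, which is the complexity cost worth weighing.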
dakiol 3 days ago

I have memorized my master password. I have written it down in a couple of books as well. I never take those books out of home.

All my other passwords are in plain text files (encrypted with the master password) on my computer. It works fine. I don’t trust third party software to store my passwords, and anything open source doesn’t beat my plain text file tbh.

  • redditor98654 3 days ago

    Do you have a solution for cross device syncing? Say you need to access a password for an app.

    • dakiol 2 days ago

      Not really. But I log in to the app(s) once, usually, and never log out.

slwvx 5 days ago

I personally would not like the complexity of one Bitwarden account, two Authy accounts, and five email accounts! I wonder if your current desire to "go that extra distance" now would fade, and in the future the complexity of your proposed structure would lead to problems.

  • redditor98654 5 days ago

    You are correct; that certainly is possible - this setup was my engineer's instinct for maximum modularity and separation.

    My ideal password manager and TOTP account feature would have been something that allows a random username as the account key and does not require any email. That would have cut down the emails to only 2.

    But all these password managers and 2FA accounts require email - I would have guessed random username would be harder to crack and would be better anonymized.

    • skydhash 5 days ago

      A great way to go about it is workflow and impact if the account was breached or access was lost. For me, most services don’t matter that much, although I use OTP if I can. I have the main password database somewhere, and for less impactful services and often used ones, they are on the keyring system (protected by disk encryption). And keys have passphrases.