Am I too old school to add my credit card to my password manager?

Are there valid risks to this?


Discussion

I do. My passwords leaking would be much more damaging, so if I trust it for those… 😂

Seriously though, the good password managers have some pretty good encryption these days.

nostr:npub1f6ugxyxkknket3kkdgu4k0fu74vmshawermkj8d06sz6jts9t4kslazcka Any advice on this? I’m also curious to hear your perspective.

If it's mission critical, I use KeePass since it's device only and not in the cloud. There is always a risk with cloud-based anything, but I also use and recommend cloud-based password managers like Bitwarden and Proton Pass.

It is the classic story of convenience vs privacy, so whether or not you decide to put credit card info in your PWM is dependent on your threat model and risk tolerance. If you use a strong master password with lots of entropy, you are likely going to be okay.

The risk for most people of hackers making off with an encrypted password database from the cloud and it later being cracked with something like a quantum computer is far less than them not using a password manager to create unique, high entropy passwords for every login.

Personally, I am ok with cloud-based PWMs for most things. Though, there are certain passwords and information that I only keep in an air-gapped qube on Qubes. I also keep my cloud-based PWM recovery phrase and 2FA app recovery phrase in the air-gapped KeePass vault.

Just remember your OPSEC and keep at least 3 backups.

I also recommend encrypting the backups of the KeePass vault with a kind of multisig encryption where all pieces are required to unencrypt the database file, with the final piece being committed to memory. You can hide these pieces in images or something similar or give them to trusted people. I will not share my method.

This way even if my distributed pieces are somehow compromised, the final piece required to gain access to my already encrypted password database (with master password) is safe with me.

It is similar to the method Snowden used to secure the files he gained access to before sharing them with the world.

In the event of a kidnapping or torture of you, or your loved ones, you could be forced to give up your password, so I also have a contingency plan for that, but that is a secret, and I will keep that to myself.
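An added illustration of the "all pieces required, last piece memorized" idea from the post above. It is not part of the thread and is not the poster's undisclosed method. It assumes the backup is encrypted with a random 32-byte key and uses an XOR split with a PBKDF2-stretched passphrase; all function names are hypothetical.

```python
import hashlib
import secrets
from functools import reduce

KEY_LEN = 32          # bytes; size of the key that encrypts the backup file
ITERATIONS = 600_000  # PBKDF2 work factor for the memorized piece


def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("pieces must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def memorized_piece(passphrase: str, salt: bytes) -> bytes:
    """Stretch the memorized passphrase into a key-sized piece; never stored."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt,
                               ITERATIONS, dklen=KEY_LEN)


def split_key(key: bytes, n_stored: int, passphrase: str):
    """Return (salt, stored_pieces); every piece plus the passphrase is needed."""
    if len(key) != KEY_LEN or n_stored < 1:
        raise ValueError("need a 32-byte key and at least one stored piece")
    salt = secrets.token_bytes(16)  # not secret; keep it with any piece
    pieces = [secrets.token_bytes(KEY_LEN) for _ in range(n_stored - 1)]
    # The last stored piece is chosen so that the XOR of all pieces is the key.
    start = xor_bytes(key, memorized_piece(passphrase, salt))
    return salt, pieces + [reduce(xor_bytes, pieces, start)]


def recover_key(salt: bytes, stored_pieces, passphrase: str) -> bytes:
    """XOR everything together. A missing or wrong piece yields a different
    key rather than an error, so decrypting the backup would simply fail."""
    return reduce(xor_bytes, stored_pieces, memorized_piece(passphrase, salt))


if __name__ == "__main__":
    backup_key = secrets.token_bytes(KEY_LEN)  # constructed sample key
    salt, pieces = split_key(backup_key, 3, "constructed example passphrase")
    assert recover_key(salt, pieces, "constructed example passphrase") == backup_key
    # Any subset of the stored pieces is uniformly random and reveals nothing.
    # With all stored pieces and the salt, only the passphrase protects the key.
    print("recovered:", recover_key(salt, pieces[:2], "x") == backup_key)
```

If every stored piece is compromised, the remaining protection is exactly the strength of the memorized passphrase, so it needs the same entropy as a master password.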

Thank you so much Ava!!! ❤️❤️❤️

You bet :) 💜💜💜

You have two lives, Mr. Anderson: in one you are a cyberterrorist who trusts no one; in the other you are perfectly integrated into the mainstream economic system, where the government protects you against all dishonest agents.

Best answer 😂😂👍🏻

Password managers have been hacked/leaked…see LastPass.

You are facing the same risk in a different form every time you hand it to a waitress or bartender, swipe it on a payment kiosk (possibly fake), or use the card details on an e-commerce site.

I’d say it’s ok. Credit cards are already inherently unsafe, and regardless, the bank has you covered in any case of fraud. So no need to worry about putting it in a password manager. Also, credit cards are something you probably change once a year or so when they deteriorate, so you can get in the habit of ordering a new one every now and then. It’s great to also keep track of forgotten subscriptions when you get the “your payment failed” email.

On the other hand, you could use something more private and secure than the well-known ones like 1Password and LastPass, which have been hacked before. You could use Bitwarden, which is open source and has a great reputation among the privacy community. No need to give them any data. Plus you can choose a strong password and enable 2FA. For 2FA you can also use something open source and locally hosted like Aegis. Please delete Google Authenticator if you are using it.

Bitwarden + locally hosted 2FA is pretty hard to hack even if user data is leaked. If you want even more security, you can use a YubiKey and have your 2FA offline.

I’d honestly worry more about my nsec than my credit card 😂😂

Your password manager should be able to hold any secret, or you should put none in there. If you cannot store any secret in your password manager then you are doing it wrong.

Are there any valid risks using a credit card? IDGAF about credit card security. It's all funny money backed by insurance. If there is fraud you aren't liable, so I don't put much effort into protecting my credit card.

I actually lost the physical plastic in a boating accident. Fortunately I still have all the info in my password manager.

I'm pretty sure that any malicious transaction can be reversed and it does not have a very high max spend so that seems fairly ok.

I feel like there are more risks using the card itself than saving it in a password manager 😁.

Anyway, for someone aware of security basics on the internet I think the risk is very small. For anything malicious not caused by your own fault, the bank will usually compensate you. Even just to keep their good name.

And the rest? I think hacking your email, for example, can cause much bigger trouble than getting your card info. You can block the card in like 30 seconds in the app. To get back your email can take days and cause much more secondary damage.