Practice for Storing Passwords

I’ve been trying to harden my cybersecurity recently, and I started with my email, for which I made a password over 32 characters long that I memorized. I turned off two-factor authentication because what if I lose my phone and someone sends a verification code, getting access to my email, which I feel is the main hub for everything from bank logins, etc.? Like I said before, I’ve memorized my email password, but now I have to figure out a way to store usernames and passwords for things like bank accounts and whatnot.
I was thinking of using KeePass, but what happens if I lose the USB drive that I would figuratively carry with me 24/7? I know this is overkill, but I’d love to hear your thoughts.

Sounds like you need yourself a password manager. My personal favorite is Bitwarden, but there are other suitable options like LastPass. These do not require having a local password database to lose on a USB drive. This will let you create unique and strong passwords for each site/service you use; then, if one site is compromised, you don’t run the risk of the username/password combo being used for another site. Then, if you sprinkle on 2FA for each of these sites, you are drastically reducing the chance of your account(s) being compromised.

Also, I would not disable 2FA even if it is using SMS, because you are still creating another layer for a bad actor to try and get through, even if it isn’t as secure as a one-time passcode. Many sites now allow using an OTP number as the 2FA layer instead of just SMS. You can set this up on your phone with any of a number of OTP apps, which will all allow for recovery if you lose your phone.

It’s a good query. Personally, I use KeePass and only keep this on my network or laptop; I won’t install it on my mobile as it’s an old Android version and mostly I have no clue what the phone is doing.

I do like the idea of 2FA but have come across challenges, such as working across time zones and working on both Linux and Windows, though worst of all QNAP had/has an issue with its clock, so 2FA would constantly fail. Authy was as good as I could find but still not quite there.

I believe the best combination is a PW manager with 2FA on a Linux portable device (perhaps this will be feasible with Linux on the phone).

There are some hardware tokens that can now be bought (similar to the ones from banks), but they are still a bit pricey.

We use self-hosted Bitwarden here at our office, but for individuals KeePass is a nice option. For 2FA I highly recommend using TOTP-based auth.
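As an added example that is not part of any post in this thread: the TOTP-based auth recommended above, written out from RFC 4226 (HOTP) and RFC 6238 (TOTP) in Python using only the standard library. The verifier accepts codes from a small window of adjacent 30-second steps, and the last function simulates the clock problem mentioned earlier in the thread: a token generator whose clock is off by more than the server's window produces codes for the wrong step and is rejected. The key is the RFC 6238 reference secret (not a real secret), the server time and clock offsets are constructed values, and the function names are this example's own.

```python
import base64
import hashlib
import hmac
import struct
import time

# RFC 4226 / RFC 6238 reference secret (ASCII "12345678901234567890").
# Constructed test key for this example only; never use a known value as a real TOTP seed.
RFC_SECRET = b"12345678901234567890"


def hotp(key: bytes, counter: int, digits: int = 6, algo=hashlib.sha1) -> str:
    """RFC 4226 HOTP: HMAC over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), algo).digest()
    offset = mac[-1] & 0x0F                       # low nibble of the last byte picks the window
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(key: bytes, now: int, step: int = 30, digits: int = 6, algo=hashlib.sha1) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from Unix time, floor(now / step)."""
    return hotp(key, now // step, digits, algo)


def verify_totp(key: bytes, submitted: str, server_now: int,
                step: int = 30, window: int = 1) -> bool:
    """Accept the code for the current step or any step within +/- `window` steps.

    The window is what tolerates small clock drift between phone and server; a larger
    window widens the brute-force target, so servers keep it to one or two steps.
    """
    for drift in range(-window, window + 1):
        expected = hotp(key, server_now // step + drift)
        if hmac.compare_digest(expected, submitted):  # constant-time comparison
            return True
    return False


def decode_base32_secret(s: str) -> bytes:
    """Authenticator apps exchange seeds as base32 (often unpadded, grouped, lowercase)."""
    s = s.strip().replace(" ", "").upper()
    return base64.b32decode(s + "=" * (-len(s) % 8))


def clock_skew_demo(key: bytes, device_offset_seconds: int,
                    server_now: int = 1_111_111_109, window: int = 1) -> bool:
    """Simulate a token generator whose clock is `device_offset_seconds` off from the server.

    The device computes its code from its own (wrong) idea of the time; the server verifies
    against its own clock. Returns whether the server would accept the code.
    """
    device_code = totp(key, server_now + device_offset_seconds)
    return verify_totp(key, device_code, server_now, window=window)


if __name__ == "__main__":
    print("current code for the reference secret:", totp(RFC_SECRET, int(time.time())))
    for off in (0, 30, 60, 120):
        verdict = "accepted" if clock_skew_demo(RFC_SECRET, off) else "rejected"
        print(f"device clock off by {off:+d}s -> {verdict}")
```

The reference vectors from the RFCs (counter 1 gives 287082; Unix time 59 gives the same code because 59 // 30 == 1) are a quick way to confirm an implementation before trusting it with a real seed. The skew demo shows why a device with a drifting clock fails consistently rather than intermittently: once it is more than `window` steps away, every code it produces belongs to a step the server will not check, and the fix is to correct the clock (NTP), not to widen the window.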

I recommend LastPass (free) as it can run across multiple platforms (phone, computer browsers) and auto-log you in to sites you select (it stays in sync and will work offline). Then you only need to remember the one long password. While it will also do 2FA, I use Authy for 2FA as it can also run across multiple platforms and stay in sync, so if you lose your phone or laptop, you will not be locked out of your 2FA. It’s also free.