Tell me where the passwords are. What might have happened to them

No, I won't try to convince or scare you. Today I've prepared options for where to keep — passwords. Each solution has its limits.

No, I'm not going to lecture or scare you. Today I've put together options for where to keep your PASSWORDS. Bear in mind that every solution has its limits and there's nothing universally best for everyone. 1) I DON'T WANT A CLOUD-BASED PASSWORD STORE KeePassXC — individuals, small teams - Runs on every imaginable platform, including phones - Supports browser plug-ins so passwords auto-fill - Database access can be protected with, e.g., a YubiKey - Multi-device access and access for multiple people can be solved by storing the database (encrypted, of course) on a shared cloud disk; sharing only selected passwords is somewhat tricky. For the regular non-IT crowd it can feel non-intuitive = complex. Passbolt - A multi-platform open-source solution for teams - MFA only in the paid edition - Available both on-premise and cloud — pick what suits you 2) I'M FINE WITH STORING PASSWORDS IN A CLOUD SERVICE (MFA, no exceptions) Cloud providers always have a solution for individuals as well as companies. They differ in price and especially in features: password sharing, password-quality checks, enforced MFA, single sign-on, offline access, password-export limits, etc. The catch with cloud password services is the possibility of compromise. Yes — that's a major incident. You can dramatically reduce that risk by preferring services that allow and require a second factor for sign-in. The attacker may grab your credentials, but without the 2nd factor they're useless *1. 3) Offline password storage Why not — the approach has its limits and strengths. 4) A combination of online + offline A few of my friends — and I — use a combination, depending on how much trouble a compromise or leak of a given password would cause. Keeping it under control is a bit tricky, but if you're disciplined it can be a decent option. *1 — Don't forget that nothing in IT is ever 100%. https://keepassxc.org/https://www.passbolt.com/https://bitwarden.com/https://1password.com/https://www.lastpass.com/ #hackerprotect #cybersecurity #technology #cloud #JumpCloud #AzureAD #Microsoft365 #PasswordManager #OpenSource #HackerProtect