You mean to say you use the same password for every site?
Well... uhm... good luck to you
(unless i misunderstood)
I hear you, I’ve thought about that too, and so far haven’t really come up with a viable solution other than offsite backup. The issue is you would still be without your password while you recover should the home server go down. At this point my self-hosting desire outweighs my disaster recovery. I do back it up to a separate backup server I maintain so even if my Bitwarden server crashes I have a backup. But if I’m hit by a bus not sure my wife could recover her passwords should something seriously crash. I guess I need to put together some detailed SOPs for her.
I love and use KeePassXC but also have been slowly getting my passwords into “Password Store” (zx2c4’s pass) because I don’t really want to rely fully on one software. This way none of my passwords are locked behind one software. Also, has KeePassXC autotype started working in Wayland? Last time I checked it wasn’t really working.
My thoughts are similar. Imagining I am away from home (some vacation or whatever), my laptop at home and the server is down. Then I would need to have a way to fix things from my smartphone. Hmmmm…
I have the keepass-file in a place that is automatically synchronized to my phone. On the phone there’s a keepass compatible app. Works good.
I would never take a keepass file on my phone - databases are quite easily bruteforced, and I doubt that a normal person uses a 12+ character pw on a phone…
Sometimes you gotta do what you gotta do, especially if you’re not guarding military launch codes
Then why use it at all? The whole point is that it is hard to break. If you don’t have confidence dropping your password database - like keepass - on a USB stick in the town square and feel confident about it, something went seriously wrong.
I completely disagree. I use KeepassXC on a PC, with encrypted SSD and protect the DB with passphrase and token. That is a completely different protection level than stored on a phone with just a password as protection. Your argument makes just no sense to me.
You know that encrypted SSDs are quite easily bruteforced?
If we just throw out claims we can easily do that in all directions.
They have to be stolen. Out of my house. Good luck with that. Completely different kind of beast. This comparison makes even less sense to me.
Good point. If your password protection is relying on “I’m the only one allowed in this house” then it is virtually non-existing. That’s why you should use a solution that secures passwords to a point that even if you publish it publicly it would be worthless to anybody other than you. Everything else is just security theater.
O boy. I am out, sorry, just makes no sense where this is going to. Gl!
You could use a second db file, with a different password for mobile use. You have to transfer or clone some entries into the mobile db. This would work if you have some passwords you need on the go.
That would be a reasonable (but clumsy) approach!
Use encryption.
Not needed: phones guarantee security by timing you out for wrong guesses. So, if you mess up your password too many times, the phone will just permanently refuse to unlock, and you have to reinstall from scratch.
At least assuming your passcode is halfway-decent (not your birthday or something else completely public).
The reason a password has to be strong is because it’s not tied to a specific physical object, it’s used to generate a hash which is then stored in a database. If those hashes are hacked or leaked, you need a password strong enough that you can’t brute-force a string that generates the same password.
I was referring to the password of the database. Unlocking stock Android or iOS is easier than you might think.
What do you mean by that? Obviously not LUKS, because that is not so easy to crack brute force if the passwd is 14+ characters.
Honestly I do not understand what you are referring to. What @milkytwix described is a LUKS encrypted SSD with a KeePass DB on it. That can hardly be improved as long as the LUKS and KeePass password are good enough.
The original claim was databases are quite easily bruteforced. If that claim holds any universal truth then SSDs are “easily bruteforced” too. It’s just math and data.
Many of us are familiar with disk encryption, that’s why I made that comparison, for a “wait a minute” moment. Instead of a pushback like you did the conversation surprisingly moved forward under this new premise with “They have to be stolen. Out of my house. Good luck with that…”
If you say a properly encrypted password storage or disk should be good enough then I agree. That was my point.