How to unlock KeepassDX with your Secure Element
from boredsquirrel@slrpnk.net to cybersecurity@sh.itjust.works on 12 Jul 2024 12:36
https://slrpnk.net/post/11348049

Google Pixel phones, especially with GrapheneOS, are worlds more secure than other technologies.

Every user account is decrypted with a key generated by the secure element, and the PIN is just used to unlock that key.

But the secure element is rarely used in other applications.

Here is how to unlock your KeepassDX Storage with it:

  1. Create a password storage with a very secure and long password. Length is especially important; prefer to use tons of nonsense words over hard-to-remember symbols.
  2. In KeepassDX Settings, under “unlock settings”, enable “use system unlock”.
  3. Enter the password for the password storage.
  4. Instead of pressing Enter, press on the button in the bottom left to register the password in the Android Keystore.

From now on you can unlock your password storage using all the security that your device offers.

The only weakness is the password, so make it as long as possible.

To copy-paste passwords relatively securely, you can use Florisboard’s internal clipboard. Enable “sync from system clipboard”, and disable “sync to system clipboard”.

If you copy things using the button on Florisboard, it will only be saved in Florisboard’s internal app storage, not your system clipboard, which is accessible to all input devices (keyboard apps) and foreground apps.

To delete things from the system clipboard (which only holds one entry) you can use apps like this one

I recommend Obtainium to get the latest versions of these apps.

Here is a list of available app configs

#cybersecurity
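
What step 4 relies on, as an added example that is not part of the original post and is not KeePassDX's own code: the general Android Keystore pattern in which an app encrypts a stored password under a hardware-backed key that only works after the user authenticates. The alias and function names are hypothetical, and API level 28 or later is assumed.

```kotlin
import android.security.keystore.KeyGenParameterSpec
import android.security.keystore.KeyProperties
import android.security.keystore.StrongBoxUnavailableException
import java.security.KeyStore
import javax.crypto.Cipher
import javax.crypto.KeyGenerator
import javax.crypto.SecretKey
import javax.crypto.spec.GCMParameterSpec

// Hypothetical alias; any app-chosen name works.
private const val KEY_ALIAS = "example_db_unlock_key"

// AES-256-GCM key that never leaves the Keystore and needs user authentication per use.
fun createUnlockKey(): SecretKey {
    fun spec(strongBox: Boolean) = KeyGenParameterSpec.Builder(
        KEY_ALIAS, KeyProperties.PURPOSE_ENCRYPT or KeyProperties.PURPOSE_DECRYPT
    )
        .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
        .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
        .setKeySize(256)
        .setUserAuthenticationRequired(true)       // unusable until the user authenticates
        .setInvalidatedByBiometricEnrollment(true) // enrolling a new biometric invalidates it
        .setIsStrongBoxBacked(strongBox)           // request the dedicated secure chip
        .build()
    val gen = KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, "AndroidKeyStore")
    return try {
        gen.apply { init(spec(true)) }.generateKey()
    } catch (e: StrongBoxUnavailableException) {
        gen.apply { init(spec(false)) }.generateKey() // no StrongBox: TEE-backed key
    }
}

// Cipher to pass to BiometricPrompt.CryptoObject when registering the password.
fun encryptCipher(key: SecretKey): Cipher =
    Cipher.getInstance("AES/GCM/NoPadding").apply { init(Cipher.ENCRYPT_MODE, key) }

// Cipher for later unlocks; needs the IV that was saved at registration.
fun decryptCipher(iv: ByteArray): Cipher {
    val key = KeyStore.getInstance("AndroidKeyStore").apply { load(null) }
        .getKey(KEY_ALIAS, null) as SecretKey
    return Cipher.getInstance("AES/GCM/NoPadding")
        .apply { init(Cipher.DECRYPT_MODE, key, GCMParameterSpec(128, iv)) }
}

// Once authentication succeeds, the authorized cipher encrypts the password.
// Returns (iv, ciphertext); both are stored, the plaintext password is not.
fun wrap(authorized: Cipher, password: CharArray): Pair<ByteArray, ByteArray> =
    authorized.iv to authorized.doFinal(String(password).toByteArray())
```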

Telorand@reddthat.com on 12 Jul 2024 14:09

Is this better than Bitwarden? A lot of this seems to be similar functionality offered by Bitwarden already, with fewer steps, but I’m open to learning something new.

IllNess@infosec.pub on 12 Jul 2024 15:46

If you need hosting and syncing, stick with Bitwarden.

boredsquirrel@slrpnk.net on 18 Jul 2024 11:53

Syncthing + KeepassXC works kinda fine, but not always.

boredsquirrel@slrpnk.net on 18 Jul 2024 11:53

What part of this is possible with Bitwarden?