I always find these types of posts frustrating. Apart from your desktop password, a password manager solves a lot of these issues. Just make the password manager super secure, use 2fa and then auto generate all other passwords.
There are self-hosted options with strong encryption. My BitWarden vault is just as secure as if my laptop were stolen. Argon2id to secure the key for AES256 encryption.
Can’t use it when logging into the laptop. And parts of the network have to be typed in - it detects and rejects pasting (haven’t built out an autohotkey to see if that would work)
I use a memorized passphrase with a random string stored on a mooltipass or onlykey. I use both interchangeably for vendor diversity.
They are both pin protected and act as USB keyboards (how I use them). They have more features like FIDO2 (both), WebAuthN (moolti), Bluetooth (moolti), etc.
I only store my computer decryption and account password plus my bitwarden password on them (random part for use with memorized passphrase). After that I just use bitwarden once I'm logged in.
I was a happy OnlyKey customer until I wanted some spares a couple months ago and they were out of stock. That's when I got a Mooltipass. The OnlyKeys are back in stock this month so I did get some more as backups.
OnlyKey is lower tech which I honestly think makes it more reliable. It also supports a longer pin.
Mooltipass input is the scroll wheel which you push to click. Pin is only 4 digits but supports all hex characters where OnlyKey is only 1-6.
Passwords are stored on device with the OnlyKey. With the Mooltipass its on a card you can swap out, clone, etc.
OnlyKey is powered through USB. Mooltipass has a battery. Battery needs to be cycled often so I use it as my daily driver for that reason. I'd probably use the OnlyKey if it were not for that. I feel it is faster for my workflow since I can pick 1 of 12 passwords in one short or long press on the device. Mooltipass I have to go through a couple menus and confirmations.
I can see the attraction to the additional features of the Mooltipass but I just don't use them (at least yet).
Either are great though. The extra input requirements of the Mooltipass are not that bothersome.
I always find these types of posts frustrating. Apart from your desktop password, a password manager solves a lot of these issues. Just make the password manager super secure, use 2fa and then auto generate all other passwords.
Remember when everyone said LastPass was that manager?
There are self-hosted options with strong encryption. My BitWarden vault is just as secure as if my laptop were stolen. Argon2id to secure the key for AES256 encryption.
I have to use what my works says 🤷♂️
The issue the post is about applies to password managers too.
Can’t use it when logging into the laptop. And parts of the network have to be typed in - it detects and rejects pasting (haven’t built out an autohotkey to see if that would work)
I use a memorized passphrase with a random string stored on a mooltipass or onlykey. I use both interchangeably for vendor diversity.
They are both pin protected and act as USB keyboards (how I use them). They have more features like FIDO2 (both), WebAuthN (moolti), Bluetooth (moolti), etc.
I only store my computer decryption and account password plus my bitwarden password on them (random part for use with memorized passphrase). After that I just use bitwarden once I'm logged in.
You have rocked my world. That’s freaking fantastic, both of them. I gotta get one of those. Thank you! Is there one that you prefer to the other?
I was a happy OnlyKey customer until I wanted some spares a couple months ago and they were out of stock. That's when I got a Mooltipass. The OnlyKeys are back in stock this month so I did get some more as backups.
OnlyKey is lower tech which I honestly think makes it more reliable. It also supports a longer pin.
Mooltipass input is the scroll wheel which you push to click. Pin is only 4 digits but supports all hex characters where OnlyKey is only 1-6.
Passwords are stored on device with the OnlyKey. With the Mooltipass its on a card you can swap out, clone, etc.
OnlyKey is powered through USB. Mooltipass has a battery. Battery needs to be cycled often so I use it as my daily driver for that reason. I'd probably use the OnlyKey if it were not for that. I feel it is faster for my workflow since I can pick 1 of 12 passwords in one short or long press on the device. Mooltipass I have to go through a couple menus and confirmations.
I can see the attraction to the additional features of the Mooltipass but I just don't use them (at least yet).
Either are great though. The extra input requirements of the Mooltipass are not that bothersome.
Follow-up: dude, you rock! This thing is amazing. Thanks for the recommendation!
Great to hear! They are awesome for system access before a password manager is available.
Looking to play with the fido2 function soon to unlock luks encrypted partitions for my headless media server after a power outage.
Ordered an Only Key - they’re on sale, which is nice, but I think for my use case it’s easier, as well.
Thanks a ton!
I forgot my keypass password
Literally unusable for my needs.