Showing only topics in ~tech with the tag "security".
    1. Is a password manager essential?

      I feel like it's impossible to remember passwords that are long, random, and unique for every service. I have too many accounts.

      On the other hand, I don't like the idea of giving up control of my passwords to a password manager and using the ones it generates and stores. It feels weird that I wouldn't "know" my passwords.

      Is this a hangup I should just get past? What do I do if I need to log in somewhere but cannot access my password manager?

      30 votes
    2. Future of personal security and privacy, upcoming trends.

      A few years ago I got into improving my knowledgebase of personal security - theory and tools - but it didn't go much farther than reinforcing everything with 2FA and setting up a password manager, plus setting up a VPN and full disk encryption.

      It seems like we're amidst a rising tide of data breaches due to, IMHO, laziness and cheapness on the part of many companies storing personal data.

      So, recently I've embarked on my second journey to improve my own security via habits and software and teaching myself. Privacytools has been a super helpful resource. My main lesson this time is to take ownership/responsibility for my own data. To that end, I have switched to KeePass with YubiKey 2FA (still trying to figure out how to get 2FA with yubi on my Android without NFC), moved over to Joplin for my note taking (away from Google and Evernote) and also switched to Nextcloud for all of my data storage and synchronization. I'm also de-Googling myself, current due-date is end of March when Inbox is shut down.

      So my question / discussion topic here, is, what are everyone's thoughts on the future of practical personal security and privacy? More decentralization and self-hosting? That's what it looks like to me. Blockchain tech would be cool for public objects like news articles, images etc. but from what I understand that has zero implication for anything personal. The other newish tech is PGP signatures, which I'm still having trouble implementing/finding use for, but surely that will change.

      There is this topic but that ended up just being about encryption which I think is a no-brainer at this point. I'm more so looking for the leading edge trends.

      17 votes
    3. Where should I put the 2FA recovery code for my password manager?

      So I have all my passwords, TOTP backup codes, and account recovery codes in my password manager (Bitwarden.) In turn, Bitwarden is secured with a master password and TOTP 2FA. I have a recovery code for the 2FA in the event that I can't get to andOTP anymore (2FA app.) The thing is, where do I put that code? I can't put it in a note app or anything, because if I'm locked out of Bitwarden, I don't have my passwords. Do you see my problem? I was thinking about physically writing it down, but that makes me nervous because I might lose it. Are there any good solutions to this problem?

      9 votes
    4. Which setting on router should be used to secure home network?

      Like millions of people, I have a router at home, with WiFi and admin passwords set up.

      If an attacker request comes in, there are no port forwarding rules set, and the router should say "hey request from the internet, I don't know to which device you want to go, sorry I'll drop you then", and I'm secure. But I don't think it's that simple. If a packet from the outer network can attack my LAN without using port forwarding, how?

      Which router settings should I be really looking for to make home LAN more secure? Or what are the keywords of network security to start with?

      11 votes
    5. What are the best practices for passphrase security?

      This is a sort of continuation of a previous topic I posted. This weekend I will be wiping and reinstalling my computer and encrypting all of my drives in the process. In doing so, I will have to choose secure passphrases. As such, I have some questions about how best to do this:

      1. I have three drives that will be encrypted. Is it okay to have the same passphrase for all of them, or should I have different ones for each?

      2. In looking up info on this topic, I came across this article which recommends something called a Diceware wordlist. The premise is that you roll dice which match to a list of 7000+ words. You then string six or more of these words together which become your passphrase. Is this a sound way to generate one?

      3. Rather than using the Diceware wordlist, couldn't I roll my own password of the same type using six "random" words of my choosing? I feel like that would be easier to remember, but am I weakening security in doing so?

      4. If the Diceware method is to be trusted, does that mean I do not need to pepper my passphrase with digits, mixed case, and special characters? Or should I add these anyway?

      5. I'm also considering changing over passwords on a lot of my online accounts based on this method. I like the idea of using a single passphrase as a root, but how do you modify it so that it is different for each account? Would I do something like [dicewarewords]tildes, [dicewarewords]spotify, [dicewarewords]ubuntuforums, etc.? I feel like it would be too on-the-nose, and it would make it easy to guess my other passwords if one were compromised. On the other hand, I don't like the idea of using a password manager to generate a random string for me. I'd like to still be able to log in even without my password manager.

      6. For people that have used something like this, how do you then deal with password restrictions on sites? I know that no matter how great I set things up I'm still going to have to make exceptions for sites that either require or forbid numbers, mixed case, or special characters, have character limits, or make me change my password frequently.

      14 votes
    6. What are the best practices regarding personal files and encryption?

      Over the past year I have done a lot to shore up my digital privacy and security. One of the last tasks I have to tackle is locking down the many personal files I have on my computer that have potentially compromising information in them (e.g. bank statements). Right now they are simply sitting on my hard drive, unencrypted. Theft of my device or a breach in access through the network would allow a frightening level of access to many of my records.

      As such, what are my options for keeping certain files behind an encryption "shield"? Also, what are the potential tradeoffs for doing so? In researching the topic online I've read plenty of horror stories about people losing archives or whole drives due to encryption-related errors/mistakes. How can I protect against this scenario? Losing the files would be almost as bad as having them compromised!

      I'm running Linux, but I'm far from tech-savvy, so I would either need a solution to be straightforward or I'd have to learn a lot to make sense of a more complicated solution. I'm willing to learn mainly because it's not an option for me to continue with my current, insecure setup. I do use a cloud-based password manager that allows for uploading of files, and I trust it enough with my passwords that I would trust it with my files, though I would like to avoid that situation if possible.

      With all this in mind, what's a good solution for me to protect my personal files?

      26 votes