This has been the culmination of over 10 hours of research. The goal was simple: find a way to securely store all the keys, 2FA TOTP codes, crypto wallets, passwords, and SSH keys, all that good stuff, in some rugged, secure place that is portable and can work with Mac, Windows, and GNU/Linux.

Technologies chosen:

So, let's start with why you want to have something like this. For me it is simple: I have more passwords and keys than I probably should. They are critical and, if lost, would require hours to replace, if that was even possible. It goes without saying that keeping these things on your computer is dumb. You use your computer; it is on the digital high seas, as I like to say. It can be plundered at any moment. That is why backups are so important. Then of course we have hardware failure, natural disasters, etc.

On top of that, I switch computers a lot. I need to be able to just plug something in on any OS and have all my credentials be there.

So, you scream, just use one of those online tools like LastPass. They do passwords and TOTP 2FA keys.

Well, I have a thing about putting my credentials in a cloud service. It just does not feel right. It seems like that is less secure than just leaving them on my Desktop. Also, there is the problem of needing internet to use them. Internet access is not always guaranteed for me; when deploying network equipment you are often on a hotspot that is struggling to break 5 Mbps...

I needed a "secure flash drive"

So, I found the only one on the market that natively supports Windows, Mac, and the lovely GNU/Linux: the Kingston IronKey.

That, however, only solved 1/3 of my problems. It solved how to securely store SSH keys, VPN clients, etc. It did nothing for passwords and TOTP 2FA keys.

We need more software

Yes, you could just keep a plain text spreadsheet with all the passwords on the secure drive. But that, again, just seems wrong.

Enter KeePass

The open-source, cross-platform, lightweight password manager. They have a portable version that lives on the drive. It creates an encrypted database file with all your passwords in it.

It also has extra features like one-click password copying and organization features.

Everything a happy geek needs to manage 300 passwords (yes, I have that many).

Now it's time for TOTP 2FA

This one was trickier. However, it was absolutely critical. I hate the idea of keeping 2FA tied to my phone. Phones have a rough life. They are always getting dropped, getting rained on, and downloading shady files that you don't want to risk on the desktop.

I lost my phone in a kayaking accident one time. You just cannot count on them for such a critical part of your digital security.

Enter Bitwarden

Wait? Bitwarden? The password manager? You just said you already have a password manager!

Yes. The key difference between the two: KeePass is 100% offline. Bitwarden requires you to have it linked to an online account, and all passwords saved to the portable version will be pushed into the cloud when you connect it to the internet.

The reason Bitwarden is critical is that it supports TOTP 2FA, which is no small feat for a portable application. TOTP 2FA requires an accurate clock, synchronized with the service, to produce the proper codes.
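Why the clock matters, shown as an added example (not from the original post and not Bitwarden's code): a minimal RFC 6238 TOTP generator and verifier in Python, using the RFC's published test key and timestamps rather than a real secret. The one-step acceptance window in `verify` is an assumption; each service chooses its own tolerance.

```python
import base64, hashlib, hmac, struct

def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def totp(key: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238: the counter is the number of whole `step`-second periods since the epoch."""
    return hotp(key, unix_time // step, digits)

def verify(key: bytes, code: str, unix_time: int, window: int = 1, step: int = 30) -> bool:
    """Accept codes from `window` steps either side of the verifier's own clock."""
    counter = unix_time // step
    return any(hmac.compare_digest(hotp(key, counter + d, len(code)), code)
               for d in range(-window, window + 1))

def decode_secret(b32: str) -> bytes:
    """Secrets are usually shared as Base32, often with spaces and without padding."""
    s = b32.replace(" ", "").upper()
    return base64.b32decode(s + "=" * (-len(s) % 8))

# RFC 6238 Appendix B test key (ASCII "12345678901234567890"); not a real secret.
KEY = decode_secret("GEZD GNBV GY3T QOJQ GEZD GNBV GY3T QOJQ")

if __name__ == "__main__":
    server_time = 59  # RFC test timestamp, standing in for the service's clock
    for drift in (0, 20, 45, 120):  # constructed client clock errors, in seconds
        code = totp(KEY, server_time + drift)
        ok = verify(KEY, code, server_time)
        print(f"client clock +{drift:>3}s -> code {code} accepted={ok}")
```

A portable app on a borrowed machine inherits that machine's clock, so a host that is more than a step or so out of sync produces codes the service will reject even though the secret is correct.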

This one was hard to find. For some reason TOTP 2FA apps for desktop are few and far between. *Shrugs* I really do not know why this is.

OMG!!! Did he just tell us all where he keeps the secret stash?!?!?

Yes, I did. It does not matter; security by obscurity is NOT security. If telling someone your plan erodes the effectiveness of the plan, GET A NEW PLAN.

To break my system, you would need to kidnap me and torture me until I gave up my unique master password. That is the only way.

Copyright © 2024 Meadowlark Marsh LLC.