top | item 34211783

dwightgunning | 3 years ago

For a long while I've trusted and used various KeePass ports/forks on my phone and laptops and stored the password file in cloud storage.

With the recent LastPass exposure, the supply-chain attack on PyTorch, and needing to be vigilant and avoid granting apps access to my cloud drive, I've actually just been reviewing my setup and workflow.

Here's what I'm planning to change...

Phone: Switching from MiniKeePass to KeePassium. I've found it's not too difficult to build KeePassium from source and install without needing an Apple Developer subscription. This means I can properly audit the code and control/verify all updates.

Laptops: Start building KeePassXC from source. In the short term, I'll be more diligent in obtaining updated versions from trusted sources and using PGP to verify the package.

File sync: Start storing the password file on a self-hosted file server. Having recently set up Tailscale on all my devices, it's now convenient to manage Samba and remove cloud storage from the system. In case the SMB share is inaccessible, I'll fall back to the backups kept by KeePassium and use cron+rsync to maintain a secondary copy on my laptop.

Backups: I'm planning to periodically back up to a hardware keypad encrypted USB drive. In comparison to a regular USB / external drive, the hardware encryption makes it harder for somebody to quickly make a copy of the password file and take it away to be brute-forced.

Would welcome any pointers on things I may not be considering or suggestions for improvement!
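The "use PGP to verify the package" step above, as an added example that is not part of the post and not KeePassXC's own release tooling: a small POSIX shell routine that accepts a download only when gpg reports a valid detached signature, plus a self-contained demo that generates a throwaway key in a temporary GNUPGHOME, signs a constructed stand-in file, and shows that a modified copy is rejected. The key, user id, file names and the `default default never` key parameters are assumptions for the demo; for a real download you import the project's published signing key instead of generating one.

```shell
#!/bin/sh
# Added example (not from the post): gate installation of a downloaded package
# on a valid detached PGP signature. Works offline against a throwaway key.
set -u

# verify_pkg <signature-file> <package-file> [gnupghome]
# Prints "valid" and returns 0 only when gpg emits a VALIDSIG status line.
# gpg exits non-zero for a bad signature AND for an unknown signing key, so
# both cases reject the package; a passing status line is required, not
# merely the absence of an error message.
verify_pkg() {
    sig="$1"; file="$2"; home="${3:-${GNUPGHOME:-$HOME/.gnupg}}"
    if GNUPGHOME="$home" gpg --batch --status-fd 1 --verify "$sig" "$file" 2>/dev/null \
        | grep -q '^\[GNUPG:\] VALIDSIG '; then
        echo valid; return 0
    fi
    echo INVALID; return 1
}

# demo_verify: constructed end-to-end run. Creates a temporary keyring with a
# passphrase-less demo key, signs a stand-in "package", verifies the untouched
# file, appends one byte to simulate a tampered download, and verifies again.
# Prints "<result-for-good-file> <result-for-tampered-file>".
demo_verify() {
    work=$(mktemp -d) || return 2
    GNUPGHOME="$work/gnupg"; mkdir -m 700 "$GNUPGHOME"; export GNUPGHOME
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-gen-key 'demo <demo@example.invalid>' default default never \
        >/dev/null 2>&1 || return 2
    pkg="$work/pkg.AppImage"      # assumed name; stands in for a real release file
    printf 'constructed stand-in for a KeePassXC release artifact\n' > "$pkg"
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --detach-sign --output "$pkg.sig" "$pkg" 2>/dev/null || return 2
    good=$(verify_pkg "$pkg.sig" "$pkg" "$GNUPGHOME") || true
    printf 'X' >> "$pkg"          # simulate a tampered or corrupted download
    bad=$(verify_pkg "$pkg.sig" "$pkg" "$GNUPGHOME") || true
    gpgconf --kill gpg-agent >/dev/null 2>&1 || true
    rm -rf "$work"
    echo "$good $bad"
}

# Stand-alone run: expected to print "valid INVALID".
[ "${DEMO_VERIFY_QUIET:-}" = 1 ] || demo_verify
```

Matching on the `VALIDSIG` status line rather than on gpg's exit code alone is the point: it ties acceptance to a positive statement from gpg about a specific key, which is what makes the check meaningful once the project's real key has been imported and its fingerprint compared against a source you trust independently of the download site.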

No comments yet.