i just accidentally nuked my keepass database and my crypto wallets all by accident
how do i even begin to cope. i switched operating systems and i thought i backed up EVERYTHING but apparently I didn't :(
i think i actually fucking hate the idea of password managers now. hate it to the point where I've now come to this conclusion:
use a formula using a 'keyword', which we'll say is horse. my second keyword is the first word that comes to mind for me for that particular site.
My passwords for all sites are: Horse {2ndKeyWord}3#
IE, facebook would be: Horse book3#
for alternative accounts, the first keyword can be different
using this method i can have a complex and different password for every site that i don't want to save in the PW manager and i can store it in my head. i have changed my keyword over the years so that if my formula and keyword are ever discovered then every account i have created is not compromised. i combine this with 5 different emails, each one used for a different level of concern. i have an outlook email for my personal business in the format Firstname_Lastname@outlook.com. this i use for paypal, amazon etc, things that already have my name attached to them. i then have 4 more emails that are used on the level of anonymity i wish to have on that particular site. 1 for spam sites (Pinterest, facebook etc), 1 for webforums (spiceworks et al), one for mailing lists and one for other. the email for 'other' is hosted on a private mail server out of the country and has only ever been logged into using either temp web proxies, or tor.
i would not worry about 'giant data leaks' because generally i would be immune either way.
i could write a shell script that even automatically generates a password for me based on the needs of this account (is this personal? is this a throwaway? what's the general level of concern etc), and then save this shell script EVERYWHERE with zero context as to what it does, maybe spread it across the internet.. and then I would have my passwords all over the internet but nobody knows what they are or who they belong to which makes this as reliable as possible. no fucking fallbacks.
pros:
i can remember without needing a shell script or a file because it's pretty self-explanatory in my head as to what a password would be for a certain account on a certain site
over the 8 character limit requirement
meets the unique symbol requirement
cons:
not encrypted or something (whatever. my disk is LUKS2 encrypted)
some sites HATE spaces (just use a _ or get rid of the space altogether)
as for my crypto wallets, i'm screwed but not really, because i didn't have any money on 'em.. but it scares me :(
This just sounds like a lot of extra work for coming up with passwords that are less secure than random characters generated by a password manager. Does it suck you lost your database file? Yes, but one screw up like this shouldn't dissuade the use of a password manager. Instead take it as a lesson to learn from for backing up important files.
Replies:
>>10190
What type of storage medium was it on? You might be able to recover it with photorec. You might want to shut down (maybe hard power off) the system to prevent any more writes to the drive.
[US-NJ]
>less secure than random characters generated by a password manager.
Unless you're autistic, you can't remember these random characters if you lose your database or can't access it. What are you going to do if you're using someone else's laptop and you need to temporarily sign into an account that you secured using your password manager? Work laptop and work accounts, you'd have to expose your entire database file and risk them keylogging the password in order to get into your work accounts. You could have a separate database for your work accounts, but these work accounts could also not be related to whatever job you're doing unless you separate by job too. It's a hassle to maintain and keep up with. If you make backups across storage mediums and devices, it's going to be a huge pain in the ass to synchronize across ALL of them unless they're all actively connected to the Internet and happen to have a synchronization daemon running in the background. You also would need to take mobile devices into consideration and ensure that you'd be able to use the database to log into accounts on there, too. What will you do when you encounter a restricted device that doesn't allow you to install your password manager on it that you must use? What if the previously mentioned work laptop prevents you from installing it?
All of this versus the formula:
1 - You accept that your passwords would be inherently weaker from a technical standpoint
2 - In exchange for this, you get rememberable passwords that do not require a file on your computer to use
3 - very minor parts of the password can be changed and switched for renewed security
4 - Nobody is going to figure out that the password to your bank account is Meat money3# because they found out that your Facebook account was Horse book3#
This is the most retarded thread I've seen in a while, and the fact that you're using Lain's name makes it even more stupid. You're overcomplicating things for no reason. Remember, you use the right tool for the job.
An easy to remember password doesn't mean it's less secure. Something like @@45_Remember_Ruby_Dung_20@@ is easy to remember and has a decent amount of password entropy (should be around a hundred bits); you can always add or remove words, as well as replacing the other characters. These passwords are easy to generate and use, even without software, and decently secure too. Your coworker isn't going to guess it that easily, and if the NSA were to try it then they would just beat you up with a wrench instead. If you have an account you log into constantly and you don't want to use a 32 character long randomly generated password, or you cannot install your preferred password manager on the device at hand, then these passwords are a good option.
Syncing your passwords is also pretty easy and there are many different ways to do it (ssh, rsync, syncthing, custom scripts, etc.), and you can always invest some time into self-hosting your own Vaultwarden or Nextcloud instance if you want to avoid that hassle. You could even buy one of those fancy YubiKeys or whatever they are called.
tl;dr stop being retarded, ALWAYS do backups.
1) make backups retard, sucks you lost it all but not the password manager's fault. something so important like a keepass database should always be on multiple drives and REGULARLY copied REGARDLESS of whether you're doing something that deletes data or not.
2) random character spam for passwords is retarded. had you used passphrases your passwords would have been actually possible to remember and would have the same security. remembering 10 or 20 randomly selected words is much easier than remembering a symbol vomit password that's 64 characters long or whatever (and the passphrase would also be longer than your alphanumeric slop, while being easier to remember)
have we really strayed so far from the light that someone who represents themselves with lain does not know or heed some of the most basic computering advice, make backups and correct horse battery staple?
Here's what you can do
1) Set up SBC with OS of your choice, SSH server, and a robust firewall that blocks all traffic outside your LAN, fail2ban for good measure, and all that other stuff the cool kids put on their servers
2) Put a .txt/.csv file with your passwords in the home directory of the user of the SBC (encrypted with your PGP key)
3) Mount your computer, phone, whateverthefuck through SSHFS, such that you can always just open the encrypted file with PGP with the PGP key that you have on all devices
4) ???
Possibly, and optional 5) Get a wireguard tunnel to your local LAN so you can access the passwords with your cell phone, EasySSHFS is available on F-Droid for that
Keep in mind to make backups, duh, and you're set up for all your needs. Obviously using a password manager is simpler, but this is what the cool kids do, in theory, hypothetically, never, ever, at all.
Replies:
>>10297
[DE]
Side note: This overcomplicates things a lot and might even be less secure than a password manager due to it being networked, but at least syncing is no issue anymore. You seem to be inclined to such.
[DE]
I just use MasterPassword (now called Spectre because the creator is trying to make some money off it, https://spectre.app/ but all the FOSS implementations I use still call it MasterPassword). Basically it's a harder to guess version of what you said, plus it's automated and has all kinds of nice features so you don't forget and it complies with all the stupid password requirements most sites have. Basically PBKDF(static password ++ site name ++ counter).
Zero risk of data loss because there is no data to lose. I just have to get my hands on an implementation of the MasterPassword algorithm and I can rederive all of my passwords.
Zero risk of even part of the password being exposed through a data breach, due to the strong cryptographic hash used.
The only real risk is that someone pwns one of my devices and records me typing in the master password. But that's a risk for *every* password manager. Plus I use a different password for the device FDE.
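An added illustration of the PBKDF(static password ++ site name ++ counter) idea from the post above; this is a constructed example, not the Spectre/MasterPassword specification (whose KDF parameters, templates and encoding differ). The master password is stretched once, each site password is derived from that key plus site name and counter, and a template shapes the output so it meets site rules without anything being stored. Function names, templates, the salt label and the iteration count are assumptions made for this example.

```python
import hashlib
import hmac
import string

# Character classes a template position may demand (constructed for this example).
CLASSES = {
    "v": "aeiou",
    "c": "bcdfghjklmnpqrstvwxyz",
    "V": "AEIOU",
    "C": "BCDFGHJKLMNPQRSTVWXYZ",
    "n": string.digits,
    "o": "@&%?,=[]_:-+*$#!'^~;()/.",
}

# Templates fix the shape of the output so it satisfies typical site rules
# (length, digit, symbol) with no per-site state. Constructed here.
TEMPLATES = {
    "long": "CvcvnoCvcvCvcv",   # 14 chars: upper, lower, digit, symbol
    "medium": "CvcnoCvc",
    "pin": "nnnn",
}


def master_key(master_password: str, user_name: str) -> bytes:
    """Stretch the master secret with a slow KDF (PBKDF2-HMAC-SHA256 here).
    The user name acts as salt so two users with the same master password
    do not share a key. The iteration count is an example choice."""
    salt = b"example-derivation-v1|" + user_name.encode("utf-8")
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                               salt, 200_000, dklen=32)


def site_password(key: bytes, site: str, counter: int = 1,
                  template: str = "long") -> str:
    """Derive the password for (site, counter). Nothing is stored: the same
    inputs always give the same password, and bumping the counter gives an
    unrelated one, which is how a password is rotated after a breach."""
    shape = TEMPLATES[template]
    # HMAC domain-separates the per-site seed from the master key; the NUL
    # byte keeps "site1"+"2" from colliding with "site"+"12".
    seed = hmac.new(key, f"{site}\x00{counter}".encode("utf-8"),
                    hashlib.sha256).digest()
    if len(shape) > len(seed):
        raise ValueError("template longer than one seed block")
    out = []
    for byte, cls in zip(seed, shape):
        alphabet = CLASSES[cls]
        # Modulo mapping is slightly biased for class sizes that do not divide
        # 256; fine for illustration, not for a production implementation.
        out.append(alphabet[byte % len(alphabet)])
    return "".join(out)


def matches_template(password: str, template: str) -> bool:
    """Check that every character is in the class its template position demands."""
    shape = TEMPLATES[template]
    return len(password) == len(shape) and all(
        ch in CLASSES[cls] for ch, cls in zip(password, shape))


if __name__ == "__main__":
    key = master_key("correct horse battery staple", "alice")
    for site in ("facebook.com", "paypal.com"):
        print(site, site_password(key, site), site_password(key, site, counter=2))
```

Everything rests on the strength of the master password and on the device it is typed into, which is the residual risk the post itself names; a leaked derived password gives an attacker only a KDF output to work backwards from.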
> I want to play a game
oh no, what happens if I don't find the passwords?
Replies:
>>10820
[NL]
[TOR]
shouldn't you be posting this in tech you buffoon
[US-CA]
OP's situation is exactly why you should be serious about your opsec and your setup, because if you are lazy about it you are destined to be raped by your mistakes.
OP, you deserve what you did for being a lazy fuck who doesn't back up his important files once established and separate by importance and category to decide whether to back up immediately or it's ok if you lose that data.
DO NOT BE FUCKING LAZY
at least once in your life treat your setup seriously.
[PL]
[TOR]
>not using an airgapped GrapheneOS for password and seed phrase storage
ngmi
[SE]
[TOR]
I've been wanting this for a while. @iwakura this might be what you are looking for as well.
Thank you. I have compiled qMasterPassword on my machine and I am enjoying it well. It takes away the need for KeePass and file backups while still giving you the ability to generate arbitrarily complex passwords that only you can get access to.
Replies:
>>10822
1. be more thorough with backups next time, you should back up password stuff FIRST since that tends to be THE most important thing to keep up with.
2. I suggest using something like pass so that you have all your passwords in individual gpg files rather than it all being in one database basket. This would give you more flexibility and make it harder to lose ALL your passwords, instead only losing a few if you make that mistake again (which honestly, just get good...please).
3. depending on where you put your passwords, if you don't trust yourself not to fuck this up again, name your drive something like DONOTFORMAT. I've started doing shit like that ever since I made the same mistake you did about 5 years ago, except in my case I overwrote my keepass USB with Artix Linux and installed the distro, therefore losing the one on my main pc as well. That especially sucked considering Artix isn't even that good. :p (inb4 sweaty gnutard tells me im wrong)
[US]
[DATACENTER]
your entire password list is in an excel sheet? that's like writing them on napkins. keepass was made for the reason it exists, tight integration with linux and zero chance of accidental wipe if your machine crashes.
ngl, you're too lazy to invest in a backup drive, but excited about a spreadsheet?
spectre app? fgged passman, that's more reliable than windows “security updates” any day. anyway, even if it works, how many wallets did you lose that aren't stored in passman's db? what the hell, you're still a cuck who thought “i'll just trust that thing on my phone” instead of using a hardware wallet or keeping crypto offline.
Replies:
>>10822
[US-CA]
>tight integration with linux
this point is moot. You can run KeePass on Windows, Mac, Android and iOS all the same.
>zero chance of accidental wipe if your machine crashes.
KeePass relies on a file on your computer. Your filesystem can wipe your database or cause changes to be reverted if you're an unlucky motherfucker.
vouch for masterpassword. More portable than MasterPassword and nobody can crack my shit because I use a fake name and I can just use different master passwords for each layer of my life if my threat model requires me to be that schizophrenic. KeePassXC is technically more secure if you hide your database behind a drive encrypted with LUKS and VeraCrypt, but I think the compromise made with MP is worth it for its convenience. I'm going to have bigger problems if someone figures out what penname I used and that I even use MP to begin with
Just put your database on various cloud providers and hope retards can't decrypt it in 100 years.
[IN]
Always. Do. Backup.
My computer is saved, each time there is a modification of a file, on my server using rsync.
And every night, my server is backed up on a cloud provider.
It may seem overkill, but it allows me to have some resilience in case my computer and even my server are down.
you have a digital body everywhere, nothing was truly lost in the moment it was deleted, just another fragment of static swirling in the ether. keepass files aren't just data on drives anymore.
your wallets? those are just keys bouncing through some code's shadow.
what you're missing is that this time, you didn't even need a physical backup. all it took was the wrong keystroke while typing a URL, some error in your terminal's last rendered layer where the system thought it had copied but actually overwrote.
i don't know if there's justice now or not.
the wallets were never mine to begin with, just a thread through someone else's memory. maybe that's why they disappeared: because i wasn't even here.
Replies:
>>11024
[US-VA]
motherfucking sephiroth
this feels like a cautionary tale. forgot cloud sync even though you should've known it's an option for most mdb formats.
if keepassx was the one thing you didn't backup locally, maybe i can't help, but that's on you.
somewhere in those crypto wallets you're keeping seed phrases: don't assume hardware is foolproof. a misclick could turn "fuckin' forgot my backup" into a literal dead end.
[AT]
keepassxc isn't perfect but at least the format's not locked behind a cloud or weird VPN bullshit.
[CN]