August 18, 2016
It would appear that the success of a password manager hinges on one’s ability to keep it open for quick password references. OK, I can handle that. I just have to leave it open all the time.
To maximize effectiveness, I just need to open my password manager right away, and keep it open all the time, if only because my master password is substantial. However, I am left to wonder if this is insecure, or at least a risk to the database file itself. I have multiple copies across all the computers I use, so I am confident that I can recover from a crash. On the other hand, how am I to recover if some malware were to recognize my password manager and use the user interface to capture my sensitive passwords, without my knowledge? This is rather tough for a do-it-yourself file-copy synchronization scheme, but at least I do not have to rely on a cloud service to contain my passwords.
I am currently only using my password manager for my personal, non-critical passwords. If I use my password manager for more important passwords, they should be in a different database file entirely, not kept open all the time. Since I use my critical accounts less often than my personal accounts, it should be fine to keep that database file closed, to minimize my exposure.
I must resist the temptation to place the critical-account master password in the personal database file. I should only keep one copy of my password manager open at any time anyway, so storing a master password will do me no good.
I was lucky to stumble across an acceptable master password for my personal database file, but I need to start looking for ideas for a new master password for my critical database file.