Privacy Matters

yet another blog about privacy and security online

Today I want to give you 2 reasons why you should start using a password manager. I realise that there are many similar articles online but here I'm going to focus on my use case thus giving you a unique perspective on the topic. Once we're done with the why I'll briefly discuss how to begin your journey with password managers. Yup, there are many of them but don't be intimidated just yet. Let's get started.

The Why

There are many reasons for using a password manager. For me, the most obvious one is convenience. Let me elaborate. I first wrote my logins and passwords on a piece of paper which I then kept in a drawer. It was a long time ago and password managers weren't even on the horizon. It wasn't the most elegant solution but it worked at the time. Later, I remember that browsers started implementing basic password storage mechanisms. So I decided to jump on the bandwagon. It was definitely more convenient. It turned out, however, that you couldn't move your passwords between browsers. There weren't separate apps that would, well, manage your passwords. It later turned out that it wasn't the most secure way to store your credentials. Then, about 4-5 years ago (around 2018) I finally discovered real password managers. Over time, I tried 2 options: KeePass and Bitwarden. Both with their pros and cons. Long story short, I settled on Bitwarden. Why? Convenience. It encrypts your passwords locally and then stores them in the cloud, allowing for synchronisation between different devices. You have access to your credentials on any device and you can easily fill in password fields in browsers and apps. In my opinion, there's no better solution right now.

Another major reason is security. You might think that your drawer or safe is the best place for sensitive data. It might be for some high profile individuals. But for most of us out there a password manager is secure enough AND it prevents your data from being destroyed. Let's assume that your physical safe goes up in flames or is otherwise unavailable. If it was the only place where your passwords lived and you didn't memorise them, you're in trouble. In contrast, if you have your passwords and other sensitive data stored in a cloud-based password manager, it only takes one device (typically your smartphone) to recover the data. Don't worry, the so-called cloud, or the provider of the service, can't see your data: it's end-to-end encrypted. To put it simply, password managers offer superior security. They would be out of business if they didn't.

I'm sure there are many other reasons for opting to use a password manager but the ones I mentioned should be convincing enough. Now, let's talk about where to start when it comes to password vaults.

The How

If I were you, I'd start with a free Bitwarden account. You can always upgrade to a paid version if you think you need it. It's only 10 USD per year so it's very cheap and it's a great way to support the company. Setting up an account should be rather straightforward. In short, you register on their website using your email and a master password. Your email can later be used as 2FA (second factor authentication with one-time codes). Your master password is the only password that you'll ever need so it must be both long and easy to remember. I recommend using a passphrase that's at least 16 characters long. One way to come up with such a complex passphrase is to pick some random words from a dictionary, stack them together and add some special characters and/or numbers. For example: pearcatslavewoman!

The other method is to take a quote, use the first letter of each word and add some extra characters here and there. Can you guess the quote behind this password? HgttgSlatfatf42. Hint: the first couple of letters refer to the book and the rest is about the quote.
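The random-words method above is only as strong as the randomness behind the word choice, so this added example (not part of the original post) picks the words with Python's `secrets` module and estimates the resulting entropy. The sample word list, the `EXTRAS` character set and the function names are assumptions made for illustration.

```python
import math
import secrets
import string

# Constructed 16-word sample list so the block runs offline. Far too small for
# real use: a practical list has thousands of words (EFF's long list has 7776).
SAMPLE_WORDS = [
    "pear", "wolf", "river", "candle", "orbit", "tulip", "marble", "falcon",
    "ginger", "harbor", "lantern", "meadow", "pencil", "walnut", "copper", "violin",
]
EXTRAS = string.digits + "!#$%&*+-=?@"  # digits plus a few common symbols


def generate_passphrase(words, n_words=4, n_extra=1, min_length=16):
    """Stack n_words uniformly chosen words and append n_extra random extras."""
    if len(set(words)) != len(words):
        raise ValueError("duplicate words would skew the entropy estimate")
    # Even the shortest possible output must satisfy the 16-character advice.
    if min(map(len, words)) * n_words + n_extra < min_length:
        raise ValueError("parameters cannot guarantee the minimum length")
    # secrets draws from the OS CSPRNG; the random module is not suitable here.
    picked = [secrets.choice(words) for _ in range(n_words)]
    tail = [secrets.choice(EXTRAS) for _ in range(n_extra)]
    return "".join(picked + tail)


def entropy_bits(wordlist_size, n_words, n_extra=0, extras=EXTRAS):
    """Bits of entropy when every word and extra is picked uniformly at random."""
    return n_words * math.log2(wordlist_size) + n_extra * math.log2(len(extras))


if __name__ == "__main__":
    print(generate_passphrase(SAMPLE_WORDS))
    # Same recipe, different list sizes: the list size drives the strength.
    for size in (len(SAMPLE_WORDS), 2048, 7776):
        print(size, "words ->", round(entropy_bits(size, 4, 1), 1), "bits")
```

The estimate holds only when the words are drawn at random from the whole list; words you pick yourself, or a well-known quote, carry less entropy than the character count suggests.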

After creating an account you can install Bitwarden apps or extensions on any device / OS. Fun fact: once synchronised, your passwords are always stored in a local vault even if “the cloud” is temporarily unavailable or your device is offline. One final tip I'd like to give you concerns the browser extension. By default, your vault is locked once you close the browser. You'll need your master password to unlock it (security, remember?). If entering a long passphrase is too cumbersome you can set up a PIN to unlock the database. I did that because of extra convenience. I'm not sure about the security aspect though. So proceed at your own risk when it comes to PIN unlock.

Self-hosting

A note for advanced users: Bitwarden offers excellent data portability so you can export your credentials and then import them into another password manager. Or you can take your data and host your own Bitwarden instance. My suggestion is to look into Vaultwarden since it offers a light back-end and is fully compatible with Bitwarden apps.

Your turn

You should now see the benefits of password managers. The most serious advantages are convenience and security. Due to strong encryption your data remains yours alone. Even if you end up not enjoying Bitwarden you can export your vault and take it elsewhere. That's the beauty of portability. Thanks for reading and until next time!

Reply to this on the fediverse: @michal@101010.pl

In this post I'm going to give you some technical advice on how to launch your own blog. Note, however, that this is more of an overview than a step-by-step guide. I want it to be rather high-level since specific instructions change from time to time. I will include 2 approaches: one for beginners and one for technical freaks like me. With this in mind, let's begin.

First, an easy, turn-key solution would be to register an account with a service provider, i.e. a blog hosting platform. My recommendation is to start with a platform that respects your privacy and gives you full control of your data. That's why I chose writefreely in the first place. Fortunately, you don't have to set up your server and deal with any technical stuff. There are many writefreely instances (or servers) out there and you can simply join one of them. For a Polish blog, writefreely.pl is a good place to start. When you visit the site, it may look like the registrations are closed but that's just to prevent spam. You can join with an invite that's mentioned on the front page.

Still on the topic of easily accessible solutions: wordpress.com. I mention it here because WordPress has become a staple in the blogosphere and beyond. Apart from blogs there are even e-commerce sites based on the app. It's quite easy to run and extend but it might be too much if you just want to have a text blog like me. Still, as a long-time WordPress user, I'm sure it will be an excellent choice for many people. And again, you don't have to be a nerd to set up an account on wordpress.com and start blogging. If you are a nerd though, you can also install WordPress on a web server and have more control over your data and settings. More on that later.

Now, let's briefly discuss some hardcore solutions. These are meant for advanced users. So, if you're technically savvy you can follow my path and set up your own single person writefreely instance. I went with Yunohost because it offers one-click installs of popular software. It's based on Debian so it's super stable and lean. It can be run either locally (say, on a Raspberry Pi) or 'in the cloud' (on a VPS). I'm not going to tell you how to set up Yunohost today because there are many guides online, including the official wiki.

Next, I mentioned you can install WordPress on any web server. So why not use something that we already have? Yes, you guessed it: Yunohost is a perfect solution once again. Just remember: when you go this route you are fully responsible for your data. Yunohost gives you more control and a custom domain, which may be crucial for some people or businesses.

Lastly, I'd like to touch upon the idea of static site generators. True, these are best suited for static sites like your digital portfolio, but once mastered you can employ them as blog engines. I'd only recommend them to people who know what they're doing and to those who really care about security (hard to hack a static webpage) and speed (your browser only loads static content like HTML, CSS, and optionally some JavaScript). For example, I've built my personal homepage with Hugo which is a well-established generator. It takes some getting used to but it's optimal for very simple sites (though they might be complex as well).

To sum up, I wanted to give you some ideas on how to start your own blog. If you're a beginner, go with a hosted writefreely instance. WordPress is also good if you prefer something more mainstream. If you're not afraid of self-hosting, spin up your own Yunohost server and install some blogging / publishing apps. You can always choose the one that suits you best.

Thanks for reading this short overview. Would you like me to cover some of these topics in more detail? Let me know on the fediverse or drop me an email: blog@narecki.name
