Passwords

Matti Schneider edited this page Oct 5, 2023 · 3 revisions

This encrypted database contains passwords to all services needed to operate the Open Terms Archive public services.

It is secured with both a key file and a master password. Administrators have access to both. When transferring access, the key file should be transferred only physically, or encrypted. The master password should always be given in at least two parts transferred over two different channels, such as an encrypted messaging system and SMS.

Download the database and open it with KeePassXC.

Usernames

When creating accounts for services, use admin@opentermsarchive.org. This allows us to gradually extend the recipients of the contact address (e.g., to community managers) while maintaining a higher level of security for the service logins.

Metadata

  • Always fill in the URL and the username of the service rather than putting everything in the title of the entry, as this enables disambiguation and browser autocompletion.
  • Use the “Download favicon” feature to associate recognisable icons with each entry.

2FA

If an account needs 2FA, associate a TOTP (time-based one-time password) with the login:

  1. Navigate to the password entry and select “Entries > TOTP > Set up…” in the menu.
  2. Paste the 2FA secret key.

When you need to use 2FA, you can use “Entries > TOTP > Copy code” straight from KeePassXC.

In “Advanced > Properties”, add a property named recovery codes, paste the recovery codes, and check the Protect checkbox. Do not store the recovery codes anywhere else. If you use a recovery code, remove it from the entry. When only 2 recovery codes are left, generate new ones from the logged-in interface.

API keys

Do not paste everything in notes. Add an entry called <service> API key, and add all the necessary properties in “Advanced > Properties”.

SSH keys

Do not paste everything in notes. Add an entry called <service> SSH key, and add both private and public keys as files in “Advanced > Attachments”.