Master Password Backup

Privacy Guides Community [Unofficial] May 9, 2026

ignoramous:

The problem with any scheme that requires you to import the master key is… it is no longer a private secret. For instance, when you “copy” the key, it is in the clipboard of whatever OS you’re using, and there’s no shortage of apps that monitor the clipboard. Take extreme care with secrets, and never export them from whichever silicon they’re generated on without “wrapping” them. In the wake of ubiquitous adoption of computationally strong & fast cryptographic constructions, the focus has shifted to compromising keys instead.

At least on Android, it shows a notification if some app copies the clipboard.

lyricism:

I strongly advise against writing down the master password itself. You would be turning a “something you know” factor into a “something you have” factor by doing that, which on its own is weaker than a properly random “something you know” factor and means you are unlikely to ever really be able to protect your password manager with MFA since most second factors are already “something you have”.

So your advice is to just hope to never forget it?

ignoramous:

Passwords aren’t usually “properly random”.

What do you mean?
