

The idea of my passwords, my passphrases, my secret questions and secret answers, and backup tools for my 2FA accounts feels unsettling enough to be stored in a "password manager". USB drives live a tough life: they get lost, broken and

With respect to the USB option, I do like Portable Apps, but I do get concerned about storing data on USB due to the difficulty in automating backups.

My risk tolerance varies greatly between those cases. In effect, it is a poor man's 2fa - the vault has the first part and you know the salt.

Cloud-based password managers seem like very bad ideas, period

Are you referring just to a web-app, where everything lives in the cloud, or do you also eschew installed apps that use the cloud to sync an encrypted vault? Also, do you draw a distinction between public and private cloud in your risk analysis?

It seems to be a common and effective response to lack of complete trust in a password manager - which in some cases is well deserved. The phrase I hear for this is "salting your passwords", in remembrance of the days when UNIX crypt() reigned supreme. And then I would store passwords with that bit missing.

Is there a mechanism so your heirs/employer can gain control when

probably compose all my passwords so that they all share the same last ten characters.

What happens if the app/vendor bricks? Is there a mechanism to retrieve your data (e.g. an occasional unencrypted csv export stored on a thumb drive in a physical safe)?

Are there protections against a malicious web site gaining access to the vault?

When syncing your vault to the vendor cloud, is it fully encrypted on the client? Is the key kept local (should be)?

Do you have reason to trust their programming, development and business practices?

