I think passwords might be stored locally as well as in the cloud, is that something to be worried about?

With Bitwarden, your datastore is always encrypted, except in memory. It is possible for that encrypted vault to be stored locally, but that persistent copy still requires your master password in order to be used. The master password is directly used to encrypt your vault, so its security is still equivalent to the strength of your master password. Neither the local copy nor the cloud copy is particularly at risk if you have taken care with your master password.

I know a lot of LastPass users are upset that their encrypted vaults were exposed in a recent breach. If you ignore, for the moment, that a LastPass vault is poorly encrypted, I don't feel an encrypted vault is a huge threat surface. Regardless of where your encrypted vault is stored, preventing its disclosure to bad actors is an excellent additional precaution. But the vault's encryption remains your primary defense.