Password managers don’t protect secrets if pwned
www.theregister.com
: Researchers demo weaknesses affecting some of the most popular options

cross-posted from: https://infosec.pub/post/42164102

Researchers demo weaknesses affecting some of the most popular options Academics say they found a series of flaws affecting three popular password managers, all of which claim to protect user credentials in the event that their servers are compromised.…

  • oong3Eepa1ae1tahJozoosuu@lemmy.worldEnglish
    1·
    13 hours ago

    Why would you do that? Just sync thr database with Syncthing and keep it locally on your devices. I’d never put my pw dB in a publicly available cloud online, even though it’s encrypted.

    • 「黃家駒 Wong Ka Kui」 | (aka: 鳳凰院 凶真 Hououin Kyouma)@sh.itjust.worksEnglish
      2·
      13 hours ago

      For backup.

      So all of my hard drives and devices are in the same house, if I was sleeping and and house caught on fire and I couldn’t even get my phone in time (just a worst case example), then I lose all my passwords.

      Cloud is my “offsite backup”. Cuz where else would I put stuff?

      Also: I though you could just safely upload encrypted files to Google Drive, why not a password database? It’s just another encrypted file.

      • oong3Eepa1ae1tahJozoosuu@lemmy.worldEnglish
        1·
        10 hours ago

        I see. For this scenario, I have another Syncthing server, which is on 24/7, responsible for offsite backups.

        Ad encrypted files: true, but why expose them to a potential adversary? If there should be a flaw in the encryption (now or future) the other party already has access to the file.