Password managers don’t protect secrets if pwned
www.theregister.com
: Researchers demo weaknesses affecting some of the most popular options

cross-posted from: https://infosec.pub/post/42164102

Researchers demo weaknesses affecting some of the most popular options Academics say they found a series of flaws affecting three popular password managers, all of which claim to protect user credentials in the event that their servers are compromised.…

  • 「黃家駒 Wong Ka Kui」 | (aka: 鳳凰院 凶真 Hououin Kyouma)@sh.itjust.worksEnglish
    2·
    4 hours ago

    For backup.

    So all of my hard drives and devices are in the same house, if I was sleeping and and house caught on fire and I couldn’t even get my phone in time (just a worst case example), then I lose all my passwords.

    Cloud is my “offsite backup”. Cuz where else would I put stuff?

    Also: I though you could just safely upload encrypted files to Google Drive, why not a password database? It’s just another encrypted file.

    • oong3Eepa1ae1tahJozoosuu@lemmy.worldEnglish
      1·
      1 hour ago

      I see. For this scenario, I have another Syncthing server, which is on 24/7, responsible for offsite backups.

      Ad encrypted files: true, but why expose them to a potential adversary? If there should be a flaw in the encryption (now or future) the other party already has access to the file.