undefined | Better HN

0 pointsZinggi7y ago0 comments

> Doesn't this increase your attack surface greatly though?

That's true. I suppose it's a trade off between protection against lost vs. smaller attack surface.

> Since there's no master key, one has to only compromise the OS to get at everything

That's wrong, compromising one device doesn't give an attacker anything useful. Only if two or more devices have been compromised can passwords be decrypted. But in any case, I think if your device is compromised you might be in bigger troubles anyway. E.g. if an attacker controls your device, ransomeware might be easier and more lucrative to them than going after more devices to hunt for passwords.

0 comments

craftyguy7y ago

> That's wrong, compromising one device doesn't give an attacker anything useful

Yea I understand that, but by having a large number of devices with this on it, you increase the chances that any two of them could be compromised. That was my point, I just didn't articulate it well enough.

smittywerben7y ago

Does anyone use a password manager for critical accounts?

I use them to generate random passwords for sites like yahoo or neopets (or whatever).

jsjohnst7y ago

My GitHub.com password is >100 characters long and I deem it a critical account (hence the password length), so yes, I do use a password manager for it.

ZinggiOP7y ago

Oh, than I misunderstood, sorry. You're absolutely correct.

j / k navigate · click thread line to collapse