There is no password reset or other mechanism to change that. If your password file is ever read by a bad actor, the encrypted version is out in the world. I'll add that it is important to use a secure master key. The master key is a key used to encrypt and decrypt the password file. To clarify, you aren't logging to Keepass. I've not used the XC version, but I assume this also applies to it. I wonder if it's because I use a portable version of KeePassXC on a USB drive? I'd like to know if experienced users see this and what they've done about it. I'm still puzzled by the Windows Security pop-up that occurs after I log into KeePassXC. Thus, I will likely be using the browser extension.

I guess that would be a drawback of the standard autofill feature using that I was easily able to populate user/pw in an incorrect site. I like that I can't fill user/pw fields unless the URL matches. I've played around enough with KeePassXC to understand the operation of the browser extension and its value. My self-deception is believing that avoiding chrome actually enhances privacy with respect to google in any meaningful way: I'm not a fan of google's one time passcodes, but they may be needed if the Authenticator app is used for 2FA. I've not evaluated the lockout risk using the google Authenticator app. I think the situation is improved with yubikeys for google account 2FA. I have in the past been locked out of a google account and had to abandon it. (The passphrase to open the safe of course cannot either). But such a configuration means the password for the GV account cannot be stored in the chrome password safe. The benefit is that a compromise of that machine does not compromise the accounts. This is probably a more stringent commitment than some would be willing to make.
If using google voice SMS 2FA, I would want to have a separate google account for the GV and for the machine where the browser and password safe is located, and not login from that machine to the GV account (as per the first paragraph above). I don't use chrome, but I think using chrome and its password-protected safe with a robust 2FA can meet those requirements. not generally susceptible to being locked out Generally, the overall methodology should be:

And someone without InfoSec expertise may not get it right. That said, service providers all have different 2FA protocols and different password reset mechanisms, which can lead to chasing one's tail finding the configuration that achieves that fully, or even for the most critical accounts. There is meaningful additional security to be gained by segregating passwords and any credential or system that can be used to reset passwords from 2FA mechanisms and any systems or credentials that can be used to gain access to 2FA facilities. I think there's a lot of self-deception involved in thinking any meaningful additional security is gained by going through the trouble of getting a 3rd party solution that could very well prove to be an additional vector of attack. At least for those that do, I think there's a lot of self-deception involved in thinking any meaningful additional security is gained by going through the trouble of getting a 3rd party solution that could very well prove to be an additional vector of attack. But it's the most popular browser by far, so most people use it exclusively. If you don't use Chrome exclusively, that's a different story. Chrome works on all platforms, and I have no need or interest in any other browser.

And if it works in Chrome, that's all I need. I am heavily invested in their ecosystem anyway, early adopter of G Suite and the whole nine yards.
I do not, however, believe they are not outright lying, and I trust them to implement correctly more so than anyone else out there. But that's just me. If you don't believe them that that is their intention, then sure. Google allows you to encrypt passwords with a passphrase so they can't see them. On top of that, I can use my vault in most any browser on most any platform (not referencing keepass obviously) Everything they “give” you exists to further that. Google exists to collect your data and sell ads. I do not see what they offer that I care about that Chrome does not. I never understood an allure of 3rd party online password managers.