grelights.blogg.se

Lastpass corporate account

It shouldn't be possible for a senior DevOps engineer to use her or his personal computer to access and store highly sensitive corporate data and infrastructure. But I'm sort of thinking I might switch back for the reasons above. Everything about the screams amateur hour. So it's not just about getting your vault password after breaking into the cloud, but also dealing with that layer to get useful data. Full disclosure: I used to use KeePass with files hosted on Google Drive but now am using BitWarden. Even then, that only gets someone the encrypted vault, nothing else. 4) KP supports real challenge-response using Yubikey (unlike LP and sadly, I think also BitWarden) via a plugin. Of course, this assumes one does use their cloud account properly (strong PW, 2FA, etc.) 2) You're storing a fully encrypted vault on your cloud (or a commercial cloud), unlike LP did and does as of today. 3) A breach requires getting access to your/a commercial cloud account first, which should be protected by a good PW and 2FA anyways (see point 1). Yet it is secured by people who are likely as competent as LP (if not more, depending on your cloud provider). Many have come up in this thread and others on Ars, and include: 1) LP and other cloud-based PW managers have a huge target on their back, whereas your individual cloud account probably does not. But your mileage may vary. It's not even the only reason that KeePass hosted on your own cloud is better than LastPass.


Personally, a company like 1Password, that is very front and center about their 3rd party security audits, is likely more secure than anything I would host myself, so I'm using that. In the end, which of these aspects is more important to you will decide if you prefer a solution like KeePass with manual sync, KeePass with synchronization based on commercial cloud storage (Dropbox, OneDrive, iCloud.), a self-hosted solution like Bitwarden, or a fully cloud-based application like LastPass (maybe reconsider?) or 1Password - or if the onboard solutions like Keychain are good enough. If your vault never leaves your PC, the attack surface certainly is smaller. So, more insight into the code and security practice means threat actors have more to work with. On the other hand, the concept of encryption is mathematics - the actual implementation very much can have flaws, vulnerabilities and mistakes. On the one hand, the concept of encryption is mathematics - it isn't dependent on the code or the encrypted files staying secret. News about breaches of password managers always conflicts me.










