Comment on My new favourite password manager
Quacksalber@sh.itjust.works 1 year agoIn theory at least, online services would be more safe than a locally decrypted vault. If your computer is compromised, the bad actors can pull your encrypted vault for an unlimited brute force attack. Of course, this can be mitigated by increasing the decryption time. However, if your vault is already decrypted, then bad actors can just pull all your password from your memory.
I, for one, am decrypting my vault once when I start my PC. In theory, if I were to use an online solution, bad actors wouldn’t be able to pull my vault from memory.
Synnr@sopuli.xyz 1 year ago
It’s the same issue once you login to your vault via browser extension. Even if they don’t store your vault password in memory, they either store the entire vault (unlikely for size reasons) or a more temporary key to access the vault. Local compromise is full compromise already.