![]() ![]() What happens if you have a house fire? What if you are out of town and need to replace your phone? I'll just retrieve my master password and change the settings. ![]() I know, you say you aren't concerned about physical access, but c'mon: the threat mitigation is trivial if you pick a reasonable master password. What happens if you restart the device? I discourage people from allowing their device to keep the master password in permanent storage it creates an unnecessary threat surface. I have both set up that they just need a pin code to unlock the vault. You can create a completely adequate DiceWare passphrase that you can memorize. That I don't even have remotely memorized. May seem like a hassle, it sure feels limiting, but damn you will be happy the day it pays off. ![]() You shouldn't use pins and you shouldn't delay the the need to log in with 2FA for to long periods. You should know your long yet personal simple masterpassword. When everyone with knowledge recommend the same it is often a very good reason for it. that is very simple in thought, until the day you stand alone without your phone nor computer. Then you have to get your hard copy of masterpassword and access to a device. For access to passwords offline there has to be a copy of the vault locally, meaning that as long the devices are offline any remote change of settings wouldn't work?Īnyway, say both devices are stolen. I'm not familiar with Bitwarden as i use Keeper, but i assume they work somewhat similar. Also OP mentioned they would just "change the setting". ![]()
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |