Okay, I don't wanna go into a fight over LastPass because I don't know its tech deeply enough to make a judgement (and the HN reply limit would prevent it anyways). My point is, there are still some general differences between an online password manager and an offline password manager + file sync combination:
- There's no way a flaw in an authentication protocol could compromise a master password (because the file sync software is completely detached from the password manager).
- Someone who compromised your master password can't get your passwords without first obtaining your database files.
That being said, I don't think online password managers are inherently insecure or anything like that.