undefined | Better HN

0 pointsstaticassertion4y ago0 comments

The vault is almost always protected by the master password. That single password is what's used both to retrieve the vault and to decrypt it.

The only difference is going to be if the remote vault requires a separate auth factor. And that's a legitimate thing to consider. But I think (but I haven't thought much about it tbh) if you have a secure master password then the situations where this matters are limited.

0 comments

2 comments · 1 top-level

jotaen4y ago· 1 in thread

> That single password is what's used both to retrieve the vault and to decrypt it.

Not sure how you mean that: if I used Keepass for example, which uses a file vault, and I told you that my master password was `p4ssw0rd`, how would that give you access to my vault and hence to any of my passwords?

staticassertionOP4y ago

Sorry, I had assumed you were referring to systems where the vault is distributed.

j / k navigate · click thread line to collapse