undefined | Better HN

0 pointsaborsy3y ago0 comments

No. When you login to LastPass, your password can be taken if LastPass is compromised. You have to trust that LastPass will not do it. If you login to Dropbox, the master password to your keepass database cannot be stolen. You don’t need to trust Dropbox.

But what you said is also an additional benefit.

0 comments

lolinder3y ago

In theory, the master password is never supposed to leave your device even with the cloud-based password managers. So, yes, you're trusting that their clients do what they say they do, and I suppose an attacker could hijack the client and offload your password.

That said, the same risk applies to any client you use. Someone could have compromised the latest update of KeePassX as readily as they can compromise LastPass's client. If you don't have automatic updates then that's helpful, but I'm not sure it's producing enough security to be worth the extra hassle.

Dylan168073y ago

Having to compromise KeePassX rather than Dropbox, and specifically while you are updating, is not an insignificant difference.

1 more reply

j / k navigate · click thread line to collapse

0 comments

lolinder3y ago

Dylan168073y ago

Having to compromise KeePassX rather than Dropbox, and specifically while you are updating, is not an insignificant difference.

1 more reply

j / k navigate · click thread line to collapse