by sushant20 2931 days ago
Seems like a good idea. What happens when I lose both my devices?
1 comment

You lose access to your passwords, that's the consequence of that approach.

That's why it's a very good idea to pair as many devices as you can, e.g. an old phone, your work PC, etc.

This way you're pretty safe from any loss.

In general, if you save your passwords with security level N (meaning you need N devices to unlock), if you lose all but N-1 devices, you lose access. You can also add a "key box", which gives you one more "device", but requires you to remember a password.
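As an added illustration of the N-device threshold described above (not the product's own code; it assumes the vault key is split with a threshold scheme such as Shamir secret sharing), splitting a key across M devices so that any N of them rebuild it, while any N-1 learn nothing:

```python
"""Illustration: an N-of-M device threshold for a vault key via Shamir sharing.
Any N shares recover the key; losing all but N-1 devices loses it for good,
and an attacker holding fewer than N shares learns nothing about the key."""
import secrets

P = 2**521 - 1  # Mersenne prime; the field comfortably holds a 256-bit key


def _eval_poly(coeffs, x):
    """Horner evaluation of a polynomial over GF(P); coeffs[0] is the secret."""
    result = 0
    for c in reversed(coeffs):
        result = (result * x + c) % P
    return result


def split_key(key: int, threshold: int, devices: int) -> dict:
    """Return {device_id: share}; any `threshold` shares reconstruct `key`."""
    assert 0 <= key < P and 1 <= threshold <= devices
    coeffs = [key] + [secrets.randbelow(P) for _ in range(threshold - 1)]
    return {d: _eval_poly(coeffs, d) for d in range(1, devices + 1)}


def recover_key(shares: dict) -> int:
    """Lagrange interpolation at x = 0 over GF(P) from {device_id: share}."""
    total = 0
    for xi, yi in shares.items():
        num, den = 1, 1
        for xj in shares:
            if xj != xi:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total


def demo(threshold: int = 2, devices: int = 4) -> dict:
    """Pair `devices` devices at security level `threshold` (constructed key)."""
    key = int.from_bytes(secrets.token_bytes(32), "big")
    shares = split_key(key, threshold, devices)
    ids = list(shares)
    enough = {d: shares[d] for d in ids[:threshold]}       # N devices present
    too_few = {d: shares[d] for d in ids[:threshold - 1]}  # lost all but N-1
    return {
        "recovered_with_enough": recover_key(enough) == key,   # True
        "recovered_with_too_few": recover_key(too_few) == key,  # False
    }
```

Pairing more devices raises M and so lowers the chance of losing all but N-1 of them, but it also raises the number of places where an attacker could collect N shares, which is the trade-off discussed in the replies.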

> That's why it's a very good idea to pair as many devices as you can

Doesn't this increase your attack surface greatly though? The more devices you have this on, the greater the chance that one or more of them could be compromised and used to access your passwords. Since there's no master key, one only has to compromise the OS to get at everything. Given that so many devices do not receive regular security updates, this seems like it would be a concern.

> Doesn't this increase your attack surface greatly though?

That's true. I suppose it's a trade-off between protection against loss vs. a smaller attack surface.

> Since there's no master key, one has to only compromise the OS to get at everything

That's wrong, compromising one device doesn't give an attacker anything useful. Only if two or more devices have been compromised can passwords be decrypted. But in any case, I think if your device is compromised you might be in bigger trouble anyway. E.g. if an attacker controls your device, ransomware might be easier and more lucrative for them than going after more devices to hunt for passwords.

> That's wrong, compromising one device doesn't give an attacker anything useful

Yeah, I understand that, but by having a large number of devices with this on them, you increase the chances that any two of them could be compromised. That was my point, I just didn't articulate it well enough.

Does anyone use a password manager for critical accounts?

I use them to generate random passwords for sites like yahoo or neopets (or whatever).

My GitHub.com password is >100 characters long and I deem it a critical account (hence the password length), so yes, I do use a password manager for it.

Oh, then I misunderstood, sorry. You're absolutely correct.