[craftyguy]

> That's why it's a very good idea to pair as many devices as you can

Doesn't this increase your attack surface greatly though? The more devices you have this on, the greater chances that one or more of them could be compromised and used to access your passwords. Since there's no master key, one has to only compromise the OS to get at everything. Given that so many devices do not receive regular security updates, this seems like it would be a concern..

[Zinggi]

> Doesn't this increase your attack surface greatly though?

That's true. I suppose it's a trade off between protection against lost vs. smaller attack surface.

> Since there's no master key, one has to only compromise the OS to get at everything

That's wrong, compromising one device doesn't give an attacker anything useful. Only if two or more devices have been compromised can passwords be decrypted. But in any case, I think if your device is compromised you might be in bigger troubles anyway. E.g. if an attacker controls your device, ransomeware might be easier and more lucrative to them than going after more devices to hunt for passwords.

[craftyguy]

> That's wrong, compromising one device doesn't give an attacker anything useful

Yea I understand that, but by having a large number of devices with this on it, you increase the chances that any two of them could be compromised. That was my point, I just didn't articulate it well enough.

[smittywerben]

Does anyone use a password manager for critical accounts?

I use them to generate random passwords for sites like yahoo or neopets (or whatever).

[jsjohnst]

My GitHub.com password is >100 characters long and I deem it a critical account (hence the password length), so yes, I do use a password manager for it.

[Zinggi]

Oh, than I misunderstood, sorry. You're absolutely correct.