by Fnoord
2476 days ago
> IMO the relevant threat model is more that they can convince / coerce / do it themselves the provider to change the javascript that does the client side decryption.

Yes, this is the MITM I referred to in another post. I'm not sure the fingerprint phrase [1] is adequate to mitigate that danger.

> I wish there were something that used (as a second round of encryption) a key residing on a yubikey to decrypt the password of individual entries, without going through gpg. Going through gpg just seems too complicated and fragile to me, and has annoying restrictions like not really allowing multiple yubikeys.

I currently use 2 YubiKeys with OTP and 2 YubiKeys plus 2 Solos with FIDO U2F on top of an Authenticator App as backup. There are backup codes as well. E-mail or SMS I prefer not to use (they don't provide SMS AFAIK but do provide Duo). I plan on fine-tuning this once I receive my new smartphone with NFC and my Somu; then I will likely remove some of these keys, reset them, and sell them.

[1] https://help.bitwarden.com/article/fingerprint-phrase/