by Someone1234
2465 days ago
That only makes sense when you ignore the bigger picture. Before browser-based password managers, people weren't using password managers at all. The two most common (and successful) attack vectors have been via password reuse and low password quality.

Convenient, context-aware, device-agnostic, browser-based password managers have been successful in convincing the general public to use a password manager at all. The use of a password manager allows people to have per-site and higher quality (e.g. long/difficult to remember) passwords. This has had a positive impact on people's security.

KeePass and similar "offline" solutions avoid some specific attack vectors. However, both "offline" solutions and browser-based extensions also share a great deal of vectors. For example, if bad-ware has local execution inside the user's context, all bets are off (assuming you're running KeePass and the database is decrypted in memory, which it needs to be in order to retrieve a password).

It is fine to suggest options people feel are superior, but ultimately the conveniences are a security benefit within themselves because people are actually using and sticking to password managers (thus avoiding password re-use/low quality passwords).