by cell9840179419 2168 days ago
If someone pwns your m/c they can "search" and get all passwords, right? What am I missing? Maybe you should prompt for the master key instead of exporting? Or are you depending on the fact that the export goes away with the term session?
1 comments

That’s correct, in most envs exports go away when the session terminates. I guess prompting for each command could work, but the UX for that would be awful. I feel like the main concern you’re pointing out, “if someone gets hold of your master key all your accounts are compromised”, is the same issue any password manager like LastPass has. At least with this tool everything is on your machine and you control it instead of a 3rd party. The encrypted flat file is portable and can be sent to other machines or servers as needed as well.
LastPass will also send an email asking for verification when signing in from a new location.