|
|
|
|
|
|
by jfrunyon
1684 days ago
|
|
|
> the 'something you have' is the password manager The problem is, assuming your master password is unique (I hope so!), all of the likely vectors for exposing it also expose the database, even if it's only kept locally. Having the database only stored in one place is also quite inconvenient, of course, and any sync mechanism adds even more opportunities for it to be exposed. My computer could very easily have a zero-day vulnerability get exploited. So could my phone. Either one would expose anything I do on it (for example: access my password database using my master password). (My solution to this is to use a security key for as much as I can. If you're not concerned about this risk, great, but it definitely is a threat.) |
|
|