Hacker News new | ask | show | jobs
by schmichael 1391 days ago
> I thought the 2FA all the big services have is so that they will deliver you your encrypted vault, rather than another layer of encryption?

Correct, 2FA is protection in addition to your password manager. So if someone gets your unsealed vault they cannot log into any services without also compromising your second factor. 2FA is not for further cryptographic hardening of the vault itself.

> The real threat is that you're putting your password for decryption into a proprietary blob with an internet connection and auto-updates enabled. It might be sending your password random places now or maybe at some later point.

If you use Chrome and Safari your passwords are going through a proprietary blob with an internet connection and auto-updates enabled. If you use extensions for your browser they likely can steal all of your passwords.

Nothing can protect you if you don't trust any of the code you're putting your secrets into, although 2FA with some USB devices cover a mind boggling range of threats. A keylogger and screen capture combined wouldn't be sufficient to bypass them.

> Note that even a source-available password manager doesn't really solve this issue if it's not self compiled

Are you compiling your browser from source after verifying every line of code it contains? If so what makes you think you can trust your compiler?

You have to trust something. Choose your threat model. Choose your risks. Live your life.
1 comments
jrm4 1391 days ago
Actually -- a "web of trust" idea for the browsers is quite sufficient.

Google et al... have already proven that they are at least decent at security and that they care about things owing to their success in the market. They've proven that they've handled this reasonably well and following their lead on how to do security in software is probably pretty good. They have both experience and skin in the game, lots of it, in the form of lots of money et al.

NOW, these password companies? NOPE. They simply don't have the right incentives in place to be trustable. (or more specifically, that they're going to be much better at securing my stuff than I will) They're too young and don't have sufficient "punishment" at the ready for me to be able to trust them much. They don't do indemnification, and liability for them isn't going to be great. I can't presume the same level of skill or care because the infrastructure/incentives aren't as presumably solid.

(Put differently, the Lifelock guy was a hero, he was at least willing to put something real on the line.)

link