by zaynetro
1204 days ago
> If you are an important politician, an opposition figure or a dissident of some kind, some unfriendly country might decide to invest lots of money in order to gain access to your data. A six words password (77 bits of entropy) should be out of reach even to those actors for the foreseeable future.

In case you are in this position, I fear that increasing password strength is one of your least worries. We saw with the LastPass breach that it is possible to install a keylogger on one of the security specialists' machines, which ultimately defeats any password. IMO you'd better find a specialist or a company you trust to safeguard your devices from any malicious apps.

P.S. a mandatory XKCD comic: https://xkcd.com/538/
Yes, nothing I wrote negates the need for other security precautions. Keeping around software that is accessible from the internet while not installing any updates for it (the vulnerability in question was already two years old) is obviously a bad idea. Installing software updates in a timely manner is always the first step for everyone.
But to address a specific concern of uploading your passwords to the cloud, a strong master password is a solution. And: no, keeping all passwords stored in a local file is far less convenient but not necessarily more secure.