by judge2020
1144 days ago
Maybe for browsers on Windows it'll default to storing the key purely on-device, but especially with iCloud Keychain the key is not encrypted by the on-device processor.

This does not make it as "insecure as a password". It does mean you can use root/OS access to exfiltrate keys, but it closes the following security holes that affect passwords:

- keyboard sound-based exfiltration[0]
- visual exfiltration (someone recording you enter your password, or looking over your shoulder and memorizing it)
- credential stuffing, where people who reuse passwords get pwned when the same leaked password is used on other websites

0: https://www.independent.co.uk/tech/cyber-security-passwords-...