by kemotep 924 days ago
Ideally, self-hosted Bitwarden (or a local-only password manager such as KeePassXC with passkey support) using a master password and a security key for the 2nd factor, with all the accounts in your vault using passkeys, makes it so you need to 1. know the master password, 2. have the security key, and also 3. have access to the vault.

The website being breached and the passkey public key being dumped is meaningless. They are more likely to compromise a site’s admin access that can get into user accounts than ever crack public key cryptography or simultaneously acquire all three factors necessary to gain access to my vault. And nothing I do on my end (except only using sites that take security seriously) can stop that.