I’m just scared that they’re saved with reversible encryption on the disk, then malware could steal them

  • brianary@startrek.website
    link
    fedilink
    arrow-up
    1
    ·
    9 months ago

    I was with you right up until the unique passwords. I do use a different randomly generated password for each site.

    • sugar_in_your_tea@sh.itjust.works
      link
      fedilink
      arrow-up
      2
      ·
      9 months ago

      And honestly, that’s the 80% of the 80/20 trade-off for security vs practicality. If you use a different password for each site, you’re protected from the most common attacks (password dumps). The rest of the measures you could take are just optimizations on the last 20%.

      If you have a solid backup plan for if you get hacked (e.g. only use credit online), you’re probably fine. Most likely, you’re not going to get your browser password manager scraped, because that means you need to both get malware, and get the type of malware that knows how to scrape browser password manager data. If it’s protected by a master password, it’s incredibly unlikely you’ll get hacked unless it’s a targeted attack.

      But if you want to go the extra mile, you can close a lot of that 20% with a few extra measures. It’s up to you how far you choose to go.