In the end it's a tradeoff between security and usability. that way i reduce the number of layers i can potentially reveal my passwords on, either through intended attacks or unintended accidents (bugs/vulnerabilities). instead of trusting keepass, my browser and my browser extensions, i trust keepass alone to erase my passwords from my clipboard after a certain period of time (and to do it properly such that it leaves no traces). Regarding clipboards in general, they belong to the OS layer and that part of the memory is kept private. i sincerely hope my point is not lost here. now compound that by the number of extensions you have at any one time, with the risk that any one of them might be vulnerable. firefox's telemetry, google chrome's usage reports, general bugs). The browser alone is an additional layer to worry about (e.g. Otherwise, i stand corrected, but my original point was to drive forward the number of layers you add for the sake of convenience which ends up compromising security in the long run, especially with the consideration of the nature of browsers and browser extensions in general, and that point still stands. i'd be very worried if any sites had any sort of interaction with keepassxc. I think you meant the keepassxc browser extension instead of the site. can't say the same if i throw my browser and extensions into the mix. i personally chose not to because my password database is extensive and i cannot afford to risk losing the confidentiality factor to it, and the only way that's going to happen to me is if my OS clipboard is being monitored (unlikely) or if someone has the master password to my database (also unlikely). If the browser extensions make things more convenient for you, feel free to use them.
security in this sense is basically reducing the number of layers (or attack vectors) for potential attacks to take place. it's a tradeoff you make between convenience and security. Whether the browser extensions are secure or not isn't really the matter here.
the difference here is that we're not involving any browser or browser extensions. asking if you want to retrieve a password for a specific site is just salad dressing tbh, much like choosing a specific password to copy onto your OS clipboard. The way keepass (and keepassxc, which is essentially a fork of keepass to support more operating systems) works is that once your offline database is unlocked, all your passwords are accessible.
0 kommentar(er)
