
True, but keyloggers aren't one of the threat vectors I am most concerned about, and as mcpackieh said, it still limits the potential damage quite a lot.

We all have to gear our security mechanisms toward our particular threat assessments.




What is your biggest concern? I would think keyloggers are a more common threat than attacks on the password manager directly, especially if you're running something niche. What else do you gain from keeping it air-gapped?


Keyloggers rank low for me because I'm only using my own devices that I have physical control over, so a dongle is unlikely. A keylogger would have to come in through malware.

That's certainly possible, but if malware were able to get installed despite my other protections, then I probably have much larger issues. And the keylogger would have to phone home with the data, which is unlikely (but not impossible) to happen without raising some alarms.

So I'm more worried about sharing data with the password management company systems themselves. If there's no real reason to send data over the net, then I don't want to send data over the net. The smaller the attack surface, the better.

It's just my personal policy. In reality, I don't consider either keyloggers or password management company computers to be huge enough risks that I lose sleep over them. Plus, I don't want to become reliant on a particular piece of software to do important things -- typing my password by hand means that I'll have the most common passwords memorized, so if something goes wrong that prevents the use of the password manager, I'm not locked out of anything.


Antivirus can detect keyloggers. So much less of a threat compared to losing the entire key db.



