spaceskda.blogg.se

Reddit 1password vs bitwarden

Nobody cares that you are some security manager who came up with top secret criteria and had their business analyst compare buzzwords on websites. If you don't care to detail then nobody should listen to your recommendations. Overall, it is an excellent layer of security, and does a good job at mitigating a backend database exfiltration attack.


An attacker would have to get at an endpoint like a smartphone or tablet to get that keyfile, so even if they get access to the .kdbx file, it is still protected against brute-forcing. I generate a keyfile, copy it from device to device, then store a copy offline. KeePass programs, like KeePassXC, KeePass, and Strongbox can use a keyfile. There are two other PW managers that do this: Codebook creates a sync key which is used in addition to one's master password on cloud storage. This will stop a brute force attacker cold. To obtain access to my 1Password stuff (authentication) requires my username, password, secret key, as well as either a TOTP code or a FIDO token press.


It adds a third factor to authentication. Before I do a mass password change (I do this on a semi annual basis), I rotate out the old 1Password key. It can be rotated out, ensuring that the backend database is not able to be decrypted, even if a past version of the database, the attacker had the password and the secret key. This is something that all PW managers should consider having as an option: As per the link, it ensures that a theft of the backend data is mitigated, because an attacker can't just brute force a user's password, but has to get that secret key somehow. The use of the secret key, as a part of encryption with the pass phrase is why I use 1Password.










