J
J
jimmyjimm2020-03-08 19:30:43
Passwords
jimmyjimm, 2020-03-08 19:30:43

How secure is it to store a password manager in the cloud of the provider of the manager itself?

Good afternoon. I want to start using a password manager, I studied this topic for a couple of days, but, as a person far from IT, I ask for your help in clarifying some issues.

1) How can my master password be stolen/hacked, in theory? As I understand it, the account with all my passwords is stored in encrypted form on the password manager server (I do not consider local storage). Does this mean that the only way to steal my master password will be to massively drain the entire cloud? Well, except for the fact that I can download some kind of malware and viruses there. So I'll find out from the news about the leak if it happens, right? I just want to know if there can be such a situation when I won’t even know that my master password was stolen and got access to all services in general, and I won’t even realize this for a long time due to the absence of any signs. So, in fact, there is nothing to be afraid of at all? Well, if you are an ordinary mortal, and not some kind of activist journalist, who is purposefully targeted? The chance that only me, and not millions of users of this password manager, will be hacked at once, is it minimal?
But what if I still choose to store passwords only on the device (computer), and on the phone I will manually interrupt the new generated passwords for all services? Long, tedious, but it will be safer if I don’t store it in the cloud, right? Or is it not worth it to be so paranoid? I just looked recently, my mail, it turns out, is in 6 different mass leaks, and on three services they logged into my accounts and used ... So I became paranoid, I want to protect myself as best I can, but I can’t even raise my servers and so on guides on the internet. I want at least with the password manager to competently resolve the issue.

2) Is it safe to use the browser extension? I have generally heard that if something has a desktop application, it is safer to use it than the web version (at least that's what they said about the Proton Mail mail service). But still, everyone likes, as I see it, to use the browser extension in the case of password managers.

For the time being, I decided to choose Bitwarden, simply because it does not cut the main features in the free version, otherwise in all others you need to pay thousands of 3 immediately in a one-time payment for an annual subscription to the App Store.

Answer the question

In order to leave comments, you need to log in

3 answer(s)
A
Alex, 2020-03-09
@jimmyjimm

In general, password managers in the cloud can be trusted.
1) for example, a keylogger on your PC, or a malware on your phone. or phishing will catch you.
2) as long as it's safe. no malware has yet been seen that can "take" passwords from , a password manager browser extension (such as lastpass for example). but i think it will be soon. all these extensions hold the master key in special. browser memory permanently. This memory can theoretically be accessed by other extensions and scripts, or software such as a cheat that is injected into the browser.
it is more important to choose one reliable browser (chrome) where you will have this password manager (and update it often) and log in where you need to. and for normal web surfing - use a different browser.

R
Ronald McDonald, 2020-03-08
@Zoominger

In AppStore? What's wrong with iCloud? And it stores passwords, and substitutes where necessary, and can generate it itself.
And passwords can merge if your master password is cracked, then you don’t need to merge the cloud either.

A
Alex__01, 2020-03-16
@Alex__01

My answer is that you are always at risk .. No matter where you store it, you can hack everything if you wish. The question is how interesting you are as a cracker to waste time on you.
Make complex and non-repetitive passwords
Az-Zx: 0 - 1: @#%/=* (at least 10 characters long). A similar password to crack an average computer of 45 years is required

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question