• snek_boi@lemmy.ml
    3 months ago

    These are not local solutions, but are cross-platform and open source: Bitwarden or Proton Pass.

    • lud@lemm.ee
      3 months ago

      Don’t synced solutions completely defeat the purpose of MFA?

      • JasonDJ@lemmy.zip
        3 months ago

        Not if you protect the master key with MFA, like a yubikey. Then it’s cryptographically secure for quite a while… at least until quantum computing is affordable enough to be used against your data. Or the database and your yubikey and your passphrase are compromised.

      • snek_boi@lemmy.ml
        3 months ago

        You’ve got a good point. I wonder if this is an example of a trade-off between convenience and security. If you’re logging in and you get an MFA prompt, a Yubikey has to be physically searched for, while Bitwarden or Proton Pass only have to be clicked. A Yubikey can only hold a limited number of accounts, while Bitwarden or Proton Pass could hold many more. Of course, a Yubikey could be used as MFA for Bitwarden or Proton Pass, but that would create a single point of failure and reduce factor separation (which I think is your original point).

        While I posted a Bitwarden or Proton Pass recommendation of sorts, I genuinely wonder if it’s advisable to not use MFA at all if the factors will not be separated. Or, perhaps, the best security solution is the one you’ll actually use. I guess the answer is the good ol’ “What’s your security model?”