
I'm not sure if this is satire. You trust the "cloud" and whatever does the syncing to the cloud? I definitely don't trust anything that "syncs to the cloud".


I read their comment to be “I trust myself to lose a hardware key, but not a software key that’s backed up and synced across all my devices.”

That’s one way to look at it: passkeys are just a more convenient form of authentication compared to passwords. Although in my mind you’re arguably not achieving a whole lot considering the security bottleneck is still the same, being the login to your password manager.

I use physical Yubikeys so I’m a bit out of the loop here, but are there any methods for protecting your root password to your password manager in this scenario?


> I definitely don't trust anything that "syncs to the cloud".

What if you lose your device? Do you install alternate passkeys in a second device? Do you have to do that for every site and service?


I use KeePassXC, and I have backups, if that counts, at least for passwords/passphrases and TOTP.


Do you have offsite backups?


I do not have any backups on any servers, I have them on other media that I have physical access to.


It doesn't matter as long as it's encrypted. Use rclone crypt and upload to whatever "cloud" you want.


If it is encrypted (incl. the filenames), sure, but is it usually the case? If I do it manually, of course it would be, but all these modern "sync to cloud" solutions, I absolutely do not trust.


Sure, why not? The cloud is just somebody else's computer, and if I don't trust that somebody to not take a peek, I'll make sure to encrypt my data first.

Many password managers do just that.


Probably not satire. He/she doesn't need you to trust it for them to use it.



