top | item 12890606

(no title)

supersan | 9 years ago

I think there is where the connected version can play an important role. From my understanding it stores everything but the password, so that can keep track of password rules, counters, etc per site.

I think the biggest issue still is what happens when you change your master password? Because I couldn't find an answer for that.

>aside of storing the state somewhere, but if you're doing that, why not just store the password?

Because even if the state information is compromised, it is useless to the attacker. On the other hand, if a password is leaked that can be used to access the account.

discuss

y7|9 years ago

State for password managers is almost always stored encrypted, i.e. in a form useless to the attacker.