top | item 46306182

(no title)

timmyc123 | 2 months ago

You're quoting the first post of a long discussion, where the importance of protecting your data on disk was highlighted, and a proposal was made that at minimum, the default should be encrypting the backup with a user selected secret or key.

> But I want to use Apple Passwords.

You're choosing to use an app that doesn't meet your needs, when there are numerous apps out there that do meet your needs. I'm not sure how anyone is supposed to solve that for you.

discuss

lapcat|2 months ago

> You're quoting the first post of a long discussion

"You absolutely should be preventing users from being able to copy a private key!" is the 8th post in the discussion.

Do you stand by these words, or are you now repudiating them?

> You're choosing to use an app that doesn't meet your needs

I am using an app that meets my needs. I don't need passkeys. It's just other people telling me that I need passkeys.

timmyc123|2 months ago

Copy and paste in clear text? Yes, I don't think that's a good idea. Download to disk in clear text? Yes, I don't think that's a good idea.

Years and years of security incidents with consumer data show that this is a really bad idea.

At minimum, a credential manager distributed for wide use should encrypt exported/copied keys with a user selected secret or user generated key.