Why are you under the impression that accessing your KP database is guaranteed to alert you. I can't imagine how that could possibly be true without the master key being stored in some service running somewhere and you're notified when it's used. Which, well, would explain how your key was compromised. Otherwise it seems highly misleading to assume that no email = no compromise.
Doesn't really matter though, it would've been mitigated by not keeping the KP database decrypted at rest or by using 2FA. Both of which are SOP for hardware token users.
For real, at this point if you don't have a yubi/nitrokey on your keychain, I assume you just don't care about actual account security.
Doesn't really matter though, it would've been mitigated by not keeping the KP database decrypted at rest or by using 2FA. Both of which are SOP for hardware token users.
For real, at this point if you don't have a yubi/nitrokey on your keychain, I assume you just don't care about actual account security.