Cloud-Based Password Managers are Stupid

This is pretty simple. Without one, your password is in one location. When you use one, it is now in (at least) two. And the second one is probably a significantly more attractive target for intruders, since there is likely to be a whole bunch of other goodies there as well. As we in the biz say, you have significantly increased your “threat attack surface.” “MyPassCloud” or whoever is *definitely* going to have way more people going after it than your little cats-with-googly-eyes Instagram account.

True, they might be safer for individuals who are bad at keeping their own passwords safe. But they do not have any special encryption that you can’t get yourself, for free — and they are almost certainly worse than your grandma’s yellow legal pad with cleartext passwords sitting next to her computer.

If the convenience is worth it for you, that’s fine — it’s just that they need to be more honest about it; you’re getting convenience at the price of significantly greater risk.

As always, I could be proved wrong with a little “skin in the game.” Ask how many of these services are willing to indemnify you in case of a breach, i.e., you get hacked, they pay you for the damage. That would absolutely be worth paying for, but I’m pretty certain that none of them are willing to do it. Any takers out there?
