{"id":97,"date":"2021-05-30T02:57:35","date_gmt":"2021-05-30T02:57:35","guid":{"rendered":"http:\/\/jrm4.com\/blog\/?p=97"},"modified":"2022-09-30T02:58:19","modified_gmt":"2022-09-30T02:58:19","slug":"cloud-based-password-managers-are-stupid","status":"publish","type":"post","link":"https:\/\/jrm4.com\/blog\/cloud-based-password-managers-are-stupid\/","title":{"rendered":"Cloud Based Password Managers are Stupid"},"content":{"rendered":"<p>This is pretty simple. Without one, your password is in one location. When you use one, it is now in (at least)\u00a0 two. And the second one is probably a significantly more attractive target for intruders, since there is likely to be a whole bunch of other goodies there as well.\u00a0 As we in the biz say, you have significantly increased your &#8220;threat attack surface.&#8221;\u00a0 &#8220;MyPassCloud&#8221; or whoever is *definitely* going to have way more people going after it than your little cats with googly eyes instagram account.<\/p>\n<p>True, they might be safer for individuals who are bad at keeping their own passwords safe. But they do not have any special encryption that you can&#8217;t get yourself, for free \u2014 and they are almost certainly worse than your grandma&#8217;s yellow legal pad with cleartext passwords sitting next to her computer.<\/p>\n<p>If the convenience is worth it for you, that&#8217;s fine \u2014 it&#8217;s just that they need to be more honest about it; you&#8217;re getting convenience at the price of significantly greater risk.<\/p>\n<p>As always, I could be proved wrong with a little &#8220;skin in the game.&#8221; Ask how many of these services are willing to indemnify you in case of a breach i.e. you get hacked, they pay you for the damage. That would absolutely be worth paying for, but I&#8217;m pretty certain that none of them are willing to do it. Any takers out there?<\/p>\n","protected":false},"excerpt":{"rendered":"<a href=\"https:\/\/jrm4.com\/blog\/cloud-based-password-managers-are-stupid\/\" rel=\"bookmark\" title=\"Permalink to Cloud Based Password Managers are Stupid\"><p>This is pretty simple. Without one, your password is in one location. When you use one, it is now in (at least)\u00a0 two. And the second one is probably a significantly more attractive target for intruders, since there is likely to be a whole bunch of other goodies there as well.\u00a0 As we in the [&hellip;]<\/p>\n<\/a>","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"_links":{"self":[{"href":"https:\/\/jrm4.com\/blog\/wp-json\/wp\/v2\/posts\/97"}],"collection":[{"href":"https:\/\/jrm4.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jrm4.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jrm4.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/jrm4.com\/blog\/wp-json\/wp\/v2\/comments?post=97"}],"version-history":[{"count":1,"href":"https:\/\/jrm4.com\/blog\/wp-json\/wp\/v2\/posts\/97\/revisions"}],"predecessor-version":[{"id":98,"href":"https:\/\/jrm4.com\/blog\/wp-json\/wp\/v2\/posts\/97\/revisions\/98"}],"wp:attachment":[{"href":"https:\/\/jrm4.com\/blog\/wp-json\/wp\/v2\/media?parent=97"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jrm4.com\/blog\/wp-json\/wp\/v2\/categories?post=97"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jrm4.com\/blog\/wp-json\/wp\/v2\/tags?post=97"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}