In the case of LastPass and other cloud-based password managers, the attack surfaces and associated threats are much larger.

That is not to say these systems are especially weak against local threats - protecting the database with a strong password and encryption algorithm largely mitigates this - but that one is not likely to be much better than the other in such scenarios. Note that I am not comparing local threats (involving physical access) here, because this is something that affects both options pretty much equally - you must have a local copy of your password database somewhere in order to use it, so you will be equally vulnerable to physical threats regardless of whether you use a cloud-based or local-only solution.

As long as you follow regular security best practices on your system (apply software updates, use antivirus, keep a properly configured firewall and/or router between you and the Internet, etc.), your password database is probably safe from Internet-based threats. Generally speaking, these are not likely to be subject to targeted attacks (or, as the media likes to call them, APTs).

With an application such as KeePass, where you have full control over the storage of your password database (presuming you're not putting it up on Dropbox or something), the only attack surface you have to worry about is your own system and the devices on which your password database is stored.

If you're looking to compare a cloud service like LastPass to a local application such as KeePass, then yes, there is a security tradeoff.