Jump to content


  • Content Count

  • Joined

  • Last visited

  1. It is (in my opinion) still way better than not using a password management at all. I am not really in a position to judge that. The github issue is more than 4 years old, so I hope they learned something since then. Personally, I am using the Firefox extension without having investigated any closer, I'm trusting (perhaps wrongly so) that a security company does at least a few things right.
  2. I guess they were referrring to So storing both the encrypted data and the en-/decryption key in the same unprotected storage ("plainly on disk") is indeed a horrible idea. Storing it in a place that is potentially vulnerable to direct access via malicious websites in case the browser itself is attackable via a browser vulnerability is another issue. The latter is the reason why it is generally not the best idea to use a browser's own password management feature.
  • Create New...