I’m using Proton services and now the Pass password manager as well. I never let any manager save my bank data, such as credit cards or login credentials, being sort of afraid to.

Is this concern still valid when using a manager like Proton Pass that has e2e encryption? What’s your opinion on holding bank data in managers like this?

  • ddnomad@infosec.pub
    1 year ago

    I agree with you on most of the points. Some security is better than nothing. More security is better than less, layers and all.

    Regarding data breaches and malware, and threat models in general: we should not forget phishing too, with people voluntarily entering their credentials on a website masquerading as their bank etc.

    With all of that, having your credentials split over multiple applications and devices actually saves you from an endpoint compromise and evil maid attacks, at least in the sense of limiting the fallout.

    Regarding VeraCrypt and “FREE”: while it is, again, better than nothing, VeraCrypt is fiddly, does not always work consistently on all operating systems (I look at you, macOS), and is susceptible to key logging. I prefer actual certified hardware with physical keypads instead. It is not free and has its own downsides, but it is just something I find more appealing.