buttercup / buttercup-browser-extension

:earth_asia: Buttercup browser extension
https://buttercup.pw
MIT License

Auto-Unlock with Passwords saved #397

Closed michacassola closed 3 years ago

michacassola commented 3 years ago

On my browser I would like to keep the vaults unlocked and not have to keep on unlocking every time; I actually thought that is what that option means. Did not try it out with the desktop app yet. It would go a long way to being a LastPass alternative, especially coming March.

rafaelrdealmeida commented 3 years ago

Hi,

[Screenshot from 2021-03-11 01-12-27]

[Screenshot from 2021-03-11 01-13-07] [Screenshot from 2021-03-11 01-13-47]

perry-mitchell commented 3 years ago

@michacassola Do you mean that between browser/computer restarts the vault would stay unlocked? If so, that's not possible as it'd require writing the password to browser storage, which would be insecure.

michacassola commented 3 years ago

Yes, that is the age-old discussion about how secure things should be. If I think a tank will soon come through my house's walls, I'll have to install 20cm thick steel to reinforce them. 😄 LastPass let me do it, so should you. Or you can make it so that together with unlocking one's device account you also unlock Buttercup... But putting in a password every time I start the browser to get to my passwords, no thank you.

perry-mitchell commented 3 years ago

> LastPass let me do it, so should you.

This is flawed logic, I'm afraid. We're not trying to be like LastPass. And using LastPass as an example of something sets a poor standard to go by, imo.

That point aside - by choosing to add an ability to store a user's primary password in plain text, anywhere on the computer, we put everyone that uses Buttercup in a potentially uneasy situation where their software is capable of exposing their vaults. A configuration bug, for example, could result in 100% of our users' primary passwords going to storage... it's just not an acceptable risk.

When we can settle on a means of encrypting the primary key in a manner that:

I'm going to close this as we don't have any such technique. I'll happily reopen if someone can suggest something that satisfies the criteria above.