Closed imperia9 closed 1 year ago
This would require a complete recode of our program. We are not going to do that and the protection is not worth the significant hit to user experience. If you are worried you can split your higher value entries into a separate database or set a short lockout timer.
Summary
At present, the system allows access to all passwords after logging in. It would be beneficial to security to not expose all "secrets" but require a YubiKey press to expose any secret. This way, if attackers get access, the worst case is they get one password or require a YubiKey press.
Examples
You open the DB, you search for the site, you try to copy the password, and it asks you for a YubiKey press before you are able to copy.
Context
Good prevention from ransomware exporting the DB or extracting passwords on an unlocked data store.