On Fri, Feb 22, 2019 at 11:55:22AM +1300, Steve Gilberd wrote:
Lars - nothing prevents the user from using the Yubikey to create a
decrypted copy,
hardware tokens generally don't allow you to extract the private key
again.
or re-encrypting to an additional key controlled by the
user.
agree. (or just keeping the plaintext around)
While a hardware token is a good idea, confiscating it doesn't
provide a secure solution to denying an untrustworthy user access to the
password store. The only safe option is to change the passwords.
indeed. the OP might be interested in
https://github.com/ddevault/pass-rotate , a tool to help change
passwords on multiple online services automatically.
_______________________________________________
Password-Store mailing list
[email protected]
https://lists.zx2c4.com/mailman/listinfo/password-store
