On 08/27/2016 05:59 PM, Cube wrote:
> Assume you have a disconnected Vault VM with your passwords, and a
> Shopping VM where you access Amazon, etc. Highest security is to
> copy/paste passwords over from the Vault as needed. Less secure (but
> still highly secure) is to cache them in the Firefox database.
>
> What path do people generally take?
>

As far as I am concerned, it heavily depends on the type of passwords.

For example, I have zero problems in saving the passwords for my test web application endpoints in the browser. The test web applications are online only as long as the debugger is active, they are accessible only from localhost, they are connected to a test database (i.e. no interesting data) and it would be a major PITA having to type the passwords again and again.

For specific services (say, the mentioned Amazon) I keep a keepassx database on the specific AppVM in which the service is expected to be used - the Amazon account I use to buy work stuff is saved in the keepassx database in the Work AppVM, the personal one is saved in the personal AppVM.

And there are some types of password I keep in a non-internet-connected AppVM, together with some OTP generator scripts. They are meant to be used for targets that may be sensitive to large-scale attacks (say, home banking credentials, Amazon AWS OTP generators, etc.) where attackers may have the financial power to aggressively attack the target AppVM - so my line of defense here is to be sure not to have the sensitive information available on the filesystem at all.

--
Alex
