On Saturday, August 27, 2016 at 9:31:31 AM UTC-7, Alex wrote: > On 08/27/2016 05:59 PM, Cube wrote: > For specific services (say, the mentioned Amazon) I keep a keepassx > database on the specific AppVM in which the service is expected to be > used - the Amazon account I use to buy work stuff is saved in the > keepassx database in the Work appVM, the personal one is saved in the > personal appVM.
Interesting idea. For the downside of having to remember extra passwords (for the databases), backups (albeit part of the general backups), and managing the running instances of XKeyPass, you can save a few keystrokes pasting between VM's. It does seem like there are more disadvantages, why not just keep them together in one Vault XKeyPass? > And there are some types of password I keep in a non-internet-connected > AppVM, together with some OTP generator scripts. They are meant to be > used for targets that may be sensitive to large scale attacks (say, home > banking credentials, amazon AWS otp generators, etc.) where attackers > may have the financial power to aggressively attack the target AppVM - > so my line of defense here is to be sure not to have the sensitive > information available on the filesystem at all. > Well they're in the AppVM though so are on the filesystem, aren't they? What you buy is network isolation, effectively air gapping, but even better. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/af95ccc0-0120-42eb-952b-e1218d880e74%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
