-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 2016-08-27 08:59, Cube wrote: > Assume you have a disconnected Vault VM with your passwords, and a > Shopping VM where you access Amazon, etc. Highest security is to > copy/paste passwords over from the Vault as needed. Less secure > (but still highly secure) is to cache them in the Firefox > database. > > What path do people generally take? >
I approach it as a security/convenience trade-off, just like everything else. How many times per day do I have to access this account? How bad would the damage be if someone else got access? If I have to log in multiple times per day, and there's not much to lose, I'll cache the password. If access is infrequent and the need for protection is great, I'll copy/paste each time. It may not make much of a difference, though. A determined attacker who gains access to the target AppVM could simply wait for the password to be pasted into the login prompt, then scrape the contents of the local clipboard. - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJXwntGAAoJENtN07w5UDAwk8wP/3cMoOHBUaqvwLUFfHjVRv30 lKNF02Ip2r5TNTBG3uzqyPtkqhwqbKeXR6ULpY7ySj6rxTmvC5OE4MrIY+ahnYr3 aWlZrnRk7l+u0GMWzZepUON27NiC6eyPcM3ZZgKAyPssqj9uRFNNHGw/ICI5uFYw yvY6ERUPLUaNfdMh+aViwoceHyFySJQpziI6SqaCT5WF+1VePmOui90HL6td8KQA 1fjOFTgd/MgMQxfyEag8gW6FlTWrh6q4mp8KjduJ0enJ2yUz5BC9NDEJnbfWSU22 rUdwZDeFFcqF2FPassXSFW75VbyFynES+uLkUe8JdX9uHhAEF04pZt+ixGSKT3t5 xjEspn2wENbKVYn6j9BFD5k4h6kpT8WdP27dA2IXeYNiBLEjCGx3dRomPMrpSbD3 IZryi1+EDZ3qdwiUpuEFaH5Tjs5+YGdxpAlKnorocKXbi8yp9R3SHy2YxtvKchy1 8/94VkU/JaFBtHCUUEGmRk0XFP0FYnYY8nqBaHUHk1NBQdoBptfXq9cRprM3ZfXR kefcQ7KHzmFiLfUVLT73FRV0+1XIFJwMA12yzDjM1cbYUUKYYNoH9tHyuMZuJrWs z3zeD2lelPuLb3kSXXwa34zyoHrt8A6qhyXyuvFw51tPBxpLfXNQIgkinAmb6EP+ D15Vo9TcyN5OT46457DF =b3nC -----END PGP SIGNATURE----- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f53245cf-23e6-1d66-3dd4-8b3b5a43e48f%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
