I like that Kaspersky comes with some additional features like secure password auditing. All of Kaspersky’s password management tools worked without any issues during my tests - it was very easy to import, generate, and store passwords, and to auto-save and auto-fill logins and forms. To keep your data secure, it comes with all of the essential security features, including 256-bit AES encryption, a zero-knowledge policy, two-factor authentication (2FA), and biometric login on mobile. Not something worth arguing over.Kaspersky Password Manager has strong security features and a reasonable price point. Sorry, but you aren't going to change my stance without actual evidence, which you still haven't linked me to. For example this time it appears it says "The company has also opened multiple transparency centers in Switzerland, Brazil, Canada, Spain and Malaysia which allow state agencies, government experts and regulators to review its source code." In fact, every time someone tells me to stop using kaspersky products I go to the wiki page to make sure my facts are correct and usually find something I missed previously, that supports them. I've done a good amount of research, and you aren't changing my mind without proof. The company processes data outside russia and is really just a multination company based in the UK. I don't care if Kaspersky is russian, as long as they aren't doing anyting against me, I'm fine. I asked for evidence of them doing something. And ofc it isn't open source, so they could very well be lying, like it seems LastPass is. They discuss features and encryption but are short on specifics such as third party audits. But the vault's encryption remains your primary defense. Regardless of where your encrypted vault is stored, preventing its disclosure to bad actors is an excellent additional precaution. If you ignore, for the moment, that a Lastpass vault is poorly encrypted, I don't feel an encrypted vault is a huge threat surface. I know a lot of LastPass users are upset that their encrypted vaults were exposed in a recent breach. Neither the local copy nor the cloud copy is particularly at risk if you have taken care with your master password. The master password is directly used to encrypt your vault, so its security is still equivalent to the strength of your master password. It is possible for that encrypted vault to be stored locally, but that persistent copy still requires your master password in order to be used. With Bitwarden, your datastore is always encrypted, except in memory. I think passwords might be stored locally as well as in the cloud, is that something to be worried about? Library of Password & Authentication Research Discussions about the general issues of generating or storing your passwords are fine. This is not /r/TechSupport or /r/HowToHack so don't post asking for help recovering a password or gaining access to online accounts. We are primarily interested in topics that promote the industry's understanding of what authentication risks we face, what practices do or don't work, and what general technologies or software exist to improve the status quo. This subreddit is dedicated to the scientific discussion of passwords, biometrics, CAPTCHAs, secret questions, MFA/2FA/2SV, or other factors related to user authentication.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |