Password managers like LastPass and Dashlane have online accounts for you to log into while others like 1Password do not. One thing I want to point out is that 2FA is about authentication, not encryption.
This makes the Yubikey pointless from a security perspective because a hacker would only need to compromise the much less secure SMS 2FA that Vanguard has. Vanguard supports Yubikey, but it doesn't offer any additional protection because they make you enable SMS 2FA and keep it enabled as an alternative means of access in case you lose your Yubikey. There is a special Yubikey that supports VIP, but it is different from the normal Yubikey most people talk about. VIP is a OTP solution and competes with the OTP technology that Google, FB, Dropbox, etc. From what I've seen, most financial institutions seem to be favoring Symantec's VIP, including Fidelity. I am curious if Vanguard, Fidelity, and various banks and credit unions do or will support YubiKey. I found: Google, Dropbox, Facebook, LastPass, Dashlane, and WordPress. What other services accept YubiKey as the 2nd factor? Is the same true for LastPass and 1Password? When you access their databases, are entire databases decrypted? Or there is some way to decrypt individual entries in a password database while leaving all other entries encrypted?
Once your password manager is unlocked, the malware does not need a second factor to copy you cleartext database. In this situation 2FA will protect the website accounts but not the password database. That being said, this is where two factor authentication comes into play. It's akin to leaving your computer unlocked and walking away. If your computer is compromised and your password manager is unlocked, there is nothing the password manager can do. I don't think this is a problem you can "fix" nor do I necessarily consider the password manager "hacked". And the same question is about LastPass and 1Password: are they vulnerable during short periods when you are retrieving or changing individual passwords? VictoriaF wrote:I wonder if the problem has been fixed.
0 kommentar(er)
