I would be keen to understand whether I’m over thinking this or is this some kind of oversight in the security of the app? Are extensions affected in the same way? I was always under the impression the PIN Unlock was unique to the PC it was applied to, but it doesn’t seem to be the case. This means if my original PC was ever infiltrated, either by Ransomware or over the network, that file can be copied off and hacked into within mere seconds. However, with the vault locked, I copied the %AppData%\Bitwarden\data.json file and placed it on to another computer where I installed Bitwarden app offline and restored the file to the same location (internet disabled), only to find the same PIN unlocked the database as it did on the original PC with no need to enter the full master password. Therefore, if the data file was ever taken elsewhere, the full password would be required to unlock. I assumed there was some kind of unique ID specific to my device that was used in conjunction with my PIN making it unique to my device. I have “Unlock with PIN” enabled to avoid entering my obscenely long master password every time.
Really missing Auto-Type and hoping that will be coming soon!Īnyway, on to the reason I’m posting… I’m a bit concerned about the PIN security implementation and am keen to hear other thoughts… I liked the automated features in Myki and have migrated over to Bitwarden, paying for premium. Preface: I am a long time user of KeePass with multiple plugins and also used Myki before it was announced they were shutting down.
0 kommentar(er)
