💾 Archived View for tilde.town › ~dzwdz › b › 2022-06-11-password-managers.gmi captured on 2022-06-11 at 21:21:37. Gemini links have been rewritten to link to archived content

View Raw

More Information

-=-=-=-=-=-=-

password managers and the principle of least privilege

IMHO, current password managers kinda suck at security.

If I want to log into a few low importance accounts on some device, my two options are:

1. logging into my password manager - giving that device full access to all my accounts, including the critical ones

2. retyping the passwords manually - which gets boring quickly

But why does it have to be that way? Why do all password managers need to have an all-or-nothing approach to accessing data?

A simple way to solve this problem would be to store the critical accounts in a separate password database.

That still isn't ideal, though, as I'm still giving each device access to more accounts than they need.

What if I instead had to authorize every password lookup?

The password database would be stored on a remote server, and each lookup would be authorized with 2FA.

The worst an infected device could do is hijacking the 2FA code to get another, more valuable, password - but stealing all passwords this way would take ages.

As for the server - the passwords could be encrypted with a key shared by all the clients.

The only absolutely trusted device would be the one used for 2FA.

You'd just need to be careful not to have any devices with both the encryption key and remote shell access to the server.

I'd really appreciate any feedback on the idea. Also - if you have some experience with this sort of thing, I'd appreciate if you reached out to me. I want to actually build this, but I'm anxious about fucking up the security.

~cya