
Everyone using an offline password manager without having a backup might as well consider everything lost

This sounds like emotional blackmail

How many times I've lost everything: hardware failure, updates that broke the OS, using dd on the wrong drive...




How would a backup help in this scenario? The data is fine, it's the application that stopped working.


If the YubiKey stops working, you also lose access to the database

So I would have a backup with a simple password, or even unencrypted in a USB somewhere


You back up the YubiKey seed (whatever it's called) separately from the password db, so that the attacker still has to get 3 separate pieces of information (db, password, seed) to get full access.


If you back up the "seed" HOTP secret you can probably use any OTP client software to open the DB without needing the YubiKey


What you usually do with YubiKeys is have multiple of them so that if the key stops working or you lose it you can use the spare.

This is more secure than using a simple password or (gasp) an unencrypted copy somewhere.



