Hacker News

"Bitwarden does not warn about this risk."

This is wrong. The Bitwarden client very clearly warns about storing your encryption key locally via a mandatory popup window, as seen here: https://i.imgur.com/BzXJmos.png



It looks like this is a popup for a different setting. Did you watch the video outlined in the post?

The author is arguing that such a popup should also exist when locking a vault with a PIN only.


I'm pretty sure that comes up only if you disable vault timeout entirely, not if you enable a timeout but allow unlock with PIN.


That's about as unclear as I could imagine. "If you use this option please ensure you take the appropriate precautions."


That's not what it says though. How would you phrase it? I don't think they do a great job but this is pretty hard to explain in two sentences if you're targeting a non-technical person.


"If you use this option then your passwords will not be stored securely. Any program or person that can read your files can also read your passwords."



