Master Passwords, Drugs & Tulips

Don’t put much faith in “physical access” as a guarantee that data stays safe. The only thing you really need physical access to the box for anymore is to plug it in. What does concern me is that bad players are gradually figuring out the memory mappings of these password managers on their servers, not just on the clients. This then becomes an enterprise security risk and not just a personal device risk.

If you can get the master password off of an iPhone you get to ruin somebody’s day, but if you can get the database with the master passwords of a company’s customers you get to ruin a lot of folks’ days.

The incentive to attack the servers comes from the value of the exfiltrated data on the cyber black market. There the data is sold and re-sold down the food chain to lesser and lesser skilled bad guys. Finally the guy holding the bag when the music stops realizes he is the ultimate sucker. 

If you think about it, it is not unlike street drugs… or for that matter, it is not unlike the Dutch Tulip mania of the 17th century either.
