Hacker News new | past | comments | ask | show | jobs | submit login

They'd get you access to your password store, I assume.



They are talking about in situations where the password is so strong it cannot be bruteforced.


Though it does make me wonder if online password managers like lastpass or 1Password could hand that info over if authorities demanded it.


1Password publicly documents their security model, if you want to verify it inspecting the HTTP requests is fairly straightforward. I assume Lastpass does the same, but as I don’t use it I haven’t bothered checking.


I hope not. If they demonstrate that capability and word gets out then that will end their business. If they can give law enforcement access to your passwords then the employees of the company have access to the passwords too.


I appreciate the “hope”, and I sympathize with the general view but I think the probability of a law abiding corporation to divulge this info to the American government approaches 100% across a few years, provided said corporation actually has the data (cf iPhone access codes).


I really don’t want to have to ask myself that question, which is why I’d rather use Keepass and sync the store myself.


That’s why you should put a pass phrase on it. Firefox syncs my passwords but has to ask for my master password at launch. Same goes for Google Chrome’s passwords: they’re encrypted at rest and can’t be displayed online for that reason, you have to sync with Chrome.


Brute force? Nothing brute force about bringing you your laptop/phone so you can unlock your password store.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: