Hacker News new | past | comments | ask | show | jobs | submit login

It still goes against the principle of defense in depth. You defeat one layer and you gain control over everything.

Even if that layer is composed of a password and MFA, it is still one layer.

And by using a SaaS password manager you would have also done another part of the job on behalf of the adversary: enumerate what they have access to.

If you are VIP, persistent adversaries will find a way somehow.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: