
> Yes, absolutely (note I don't actually know how to get the encrypted version of the vault standalone).

I believe that, given that it's just JavaScript in the browser, the encrypted vault should be available as a blob in one of the network requests when you are making a change to the vault.

> Are you willing to send banking information over HTTPS? It's the same level of security.

Maybe I'm being irrational, but I just think there is a fundamental difference in the risk profile between a breach of my banking credentials and having every stored set of credentials across my entire digital life exposed through a password vault breach.

If my banking details were compromised somehow, I at least have a bank I can work with and real people I can talk to. Both the bank and myself have a strong mutual interest in addressing the acute security issue. Government banking regulations come into play. Insurance comes into play.

If my password vault is compromised and credentials for every service and website are exposed, I would argue that is a far graver matter. And who do I turn to in that case? I have to imagine that any of these password management companies would just point to me being somehow negligent with my master key and tell me to pound sand.


