• Possibly linux@lemmy.zip
    link
    fedilink
    English
    arrow-up
    16
    ·
    4 months ago

    If someone has access to your machine you are screwed anyway. You need to store the encryption key somewhere

    • x1gma@lemmy.world
      link
      fedilink
      arrow-up
      3
      arrow-down
      4
      ·
      edit-2
      4 months ago

      Yes, in your head, and in your second factor, if possible, keeping derived secrets always encrypted at rest, decrypting at the latest possible moment and not storing (decrypted) secrets in-memory for longer than absolutely necessary at use.