What's so funny about it?
Great. Now I need to download and run https://github.com/GhostPack/KeeThief instead of changing a config. Glad that KeePass is now 0.00001% more secure 😎
The attacker can also create a custom version of KeePassXC or Bitwarden or any other software, which exports all passwords in plaintext and then change the shortcut. How do you prevent that on your PC?
The config file is in the user profile! How do you think someone could gain access only to this one file?
If you have access to the user profile, it is trivial to install an Excel add-in, which decrypts all files and stores a copy somewhere!
My take on the situation is this: If you are not able to understand why this is not a security issue, you CANNOT use ANY software password manager. Please store your passwords handwritten on a piece of paper, where you should be able to grasp the threat model and security implications!
No, an encrypted xlsx is worse than a password manager. As I said, for most people a purely physical sheet of paper in their desk drawer is a lot better. It protects against 100% of all hackers on the internet. The threat is suddenly reduced to only the people having access to your desk. This reduces potential attackers from billions to probably single or double digits! I help some senior citizens with their PC issues. I would never recommend any of them to use any password manager software. It's...