EndofGods t1_izpikec wrote
Online password vaults are not a great idea.
happyscrappy t1_izpong9 wrote
It's not a password vault.
Gesha24 t1_izpjgrj wrote
And yet almost most of organizations are using it. If implemented right - where you have encrypted passwords stored and it's the client that does the decryption locally - they are quite secure. Now, whether you trust the vendor to implement it properly is a whole different conversation.
EndofGods t1_izpqrfi wrote
There is absolutely no way you can guarantee your data's safety when it's constantly accessible online. I hear the arguments, but at the end of the day it is an absolute security risk that can be avoided for the average person at home. Work can do as it like, but you're choices should be more well informed.
Gesha24 t1_izpsb0w wrote
You can not guarantee data safety at home/within your org either. Remember all the home/prosumer devices that get infected and become part of the botnet? Well, that botnet is not only used for ddos, it can also scan your local systems for vulnerabilities. So don't be so sure your data is safer at home/org. At least Google is very likely to discover data leak quickly, will you even notice your data leaking at home/your company?
ItchyAcnestis t1_izpzi75 wrote
You’re getting downvoted, but you’re right. Accessibility and security of data are two parts of the triad that require the most balancing. By its very nature, security is reduced as you increase accessibility, and vice versa.
The key word here is guarantee though. It is possible to make it extremely difficult to get the data without proper access—just not impossible. Some of the methods used today are pretty slick, but I’ve already forgotten most of what was covered in my network security course. I mostly just remember thinking “this isn’t for me” and “please make this stop”.
Viewing a single comment thread. View all comments