• Possibly linux@lemmy.zip
    link
    fedilink
    English
    arrow-up
    0
    ·
    1 year ago

    If someone has access to your machine you are screwed anyway. You need to store the encryption key somewhere

    • x1gma@lemmy.world
      link
      fedilink
      arrow-up
      0
      ·
      1 year ago

      Yes, in your head, and in your second factor, if possible, keeping them always encrypted at rest, decrypting at the latest possible moment and not storing (decrypted) secrets in-memory for longer than absolutely necessary at use.