I have seriously been considering using a password manager. I have been looking at KeePass and LastPass, with the latter being cloud-based. The cloud-based part sounds both convenient and scary. However, to my understanding, the passwords are hashed and then stored in the cloud. Is it correct thinking to say that even if someone got access to the password file, it wouldn't do them much good if 256-bit AES was applied? I guess I am hoping to convince myself that it's OK to go with a cloud-based password manager, but I don't want to go on wishful thinking. Basically, my gut is saying "NO!" but my reasoning is telling me it would be OK because of encryption. What kind of risk would I truly be getting into? Thoughts?