On 26/02/2019 11:54, Ciprian Dorin Craciun wrote: > Thus without much > effort, one can take out the HDD, and just run a file-system recovery > tool to recover deleted files, or dump ASCII tokens, and thus get > access to the used passwords.
Indeed, but if you use one of the standard web browsers your session tokens are also stored on disk, by default unencrypted, and in many cases these are equivalent to passwords (depending on the website). Password managers address the issue of a network attacker. They don't directly solve the problem of an attacker who has physical access to your device. An encrypted drive is a better way to prevent an attacker getting access to sensitive material on disk (not only passwords). So while the problem you identify is bad, it's not fatal. -- Andrew Gallagher
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
