user gone and expiring access

Tobias Girstmair t-passwd at girst.at
Fri Feb 22 00:05:05 CET 2019


On Fri, Feb 22, 2019 at 11:55:22AM +1300, Steve Gilberd wrote:
>Lars - nothing prevents the user from using the Yubikey to create a
>decrypted copy, 

hardware tokens generally don't allow you to extract the private key 
again.

>or re-encrypting to an additional key controlled by the
>user. 

agree. (or just keeping the plaintext around)

>While a hardware token is a good idea, confiscating it doesn't
>provide a secure solution to denying an untrustworthy user access to the
>password store. The only safe option is to change the passwords.

indeed. the OP might be interested in
https://github.com/ddevault/pass-rotate, a tool to help change
passwords on multiple online services automatically.


More information about the Password-Store mailing list