user gone and expiring access

Jonathan Proulx jon at csail.mit.edu
Fri Feb 22 15:40:23 CET 2019


Others have said both things but there's 2 points here:

1) For non-malicious users where you want to defend against them
   loosing their key and old encrypted store to a 3rd party use a
   hardware token that you can collect on exit (like Yubikey).

2) For malicious actors you just need to change all secrets they
   ever had access to because they could have recorded plain text.





More information about the Password-Store mailing list