diff options
-rw-r--r-- | README.md | 4 |
1 files changed, 3 insertions, 1 deletions
@@ -1,7 +1,7 @@ QtPass ====== -QtPass is a gui for [pass](http://www.passwordstore.org/) +QtPass is a GUI for [pass](http://www.passwordstore.org/) Features -------- @@ -16,6 +16,7 @@ Security considerations ----------------------- Using this program will not magically keep your passwords secure against compromised computers even if you use it in combination with a smartcard. + It does protect future and changed passwords though against anyone with access to your password store only but not your keys. Used with a smartcard it also protects against anyone just monitoring/copying @@ -25,6 +26,7 @@ Once you plug in your smartcard and enter your PIN (or due to CVE-2015-3298 even without your PIN) all your passwords available to the machine can be decrypted by it, if there is malicious software targeted specifically against it installed (or at least one that knows how to use a smartcard). + To get better protection out of use with a smartcard even against a targeted attack I can think of at least two options: * The smartcard must require explicit confirmation for each decryption operation. |