Highest Rated Comments


zenion3 karma

First I will say... I love what you've done and strongly support this direction of development. I honestly think this market would be in a far better state if this was the norm for business models. With that said, in regard to the above statement.... This is no different than how you would hack any front end auth API once you're inside the infrastructure though. Throw some sneaky logging at the place where the hash ingresses and then obviously you know how to use it once you have said hash since the code is available. Maybe you'd need some automation code to do it in real time if the hash is time-based or session-based, but still feasible once you have access to said systems handling the endpoints for auth... the scariest thing for security-minded users in password storage IMO is trusting others to secure their infrastructure properly and go through pen tests and meet some level of best-practices compliance framework for that infrastructure. People need to trust you more than LastPass/1Password in that respect honestly for you to stand out as a viable competitor to the closed sourcers I think.

zenion3 karma

If you're only using application platform services and not managing OSes directly, that definitely significantly reduces your footprint on this front. Thanks for the clarity :)

zenion3 karma

All too familiar haha ;) I think you'll do alright.