On Fri, Jun 11, 2021 at 12:01 PM William Herrin <bill@herrin.us> wrote:
On Fri, Jun 11, 2021 at 10:27 AM Michael Thomas <mike@mtcc.com> wrote:
> Isn't that what lots of password managers do? I understand that one of them syncs point to point, but that has the downside that it probably needs to be on the same subnet.

It's exactly what lots of password managers with browser extensions
do. I don't personally use them because I don't want my passwords
reversibly stored on a computer that I don't directly control. I have
no great philosophical problem with their existence and use by those
who want them, I just don't want them for myself.

Well, browser extensions in and of themselves scare the living hell out of me.  It really surprises me that they aren't a major attack vector and in the news all of the time. 

But yes, I agree that even encrypted they are a *very* tempting target for hackers, and especially foreign governments. A breach would mean that everybody is instantly screwed since they don't have to break into individual computers, install malware, etc. 

Mike