This question is about the use of a TPM by a password manager used by an end-user on a PC to store and use passwords to log in to web sites and other things that are protected only by a password.

Support for Windows 10 is scheduled to end in 2025. This suggests that sometime soon password managers might be able to assume the existence of TPMs on Windows workstations.

The technical details of the use of the TPM by password managers seem to be rather vague. The 1Password whitepaper contains this gem, for example:

On the other hand, the 1Password Windows desktop application does seem to make use of the TPM when it's available:

If you use the Trusted Platform Module with Windows Hello: 1Password delegates the responsibility of authentication to Windows Hello. The encrypted secret is stored in the Trusted Platform Module instead of your computer’s memory. Windows Hello can immediately unlock 1Password after you quit the app or restart your PC.

Unfortunately the above are the clearest statements I have found about any password manager's use of the TPM. My intuition is that a properly-designed Windows password manager application (or browser, browser extension, etc.) could mitigate some risks using a TPM that would not otherwise be possible.

What threats could, in principle, be mitigated by a password manager's use of a TPM that could not otherwise be mitigated?

Are there any password managers that include in their official security model documentation how they use the TPM?

The TPM encrypts the Key Encryption Key (KEK) of the password manager that encrypts its own master key. Password managers tie the TPM's decryption of the KEK to the system authentication backed by the TPM. The benefit of enforcing system authentication for key use is that the TPM can enforce an exponential cooldown timer after some incorrect attempts.