Store Credit Card Information in Password Manager?Store credit card numbers in password manager?Protecting my high-value passwords against offline attacksHow to securely store and manage one-time backup codes for 2FA?How to reduce trouble in case I lose access to my password manager?Password managers with U2F security risksEncrypted volume vs password manager - security benefitsPassword generation scheme using master password, site-name, and usernamePassword management with two factor authenticationHardware-Based Password ManagerStore credit card numbers in password manager?How should clients' passwords be managed?
Why Shazam when there is already Superman?
A binary search solution to 3Sum
Do we have to expect a queue for the shuttle from Watford Junction to Harry Potter Studio?
How should I address a possible mistake to co-authors in a submitted paper
Why does AES have exactly 10 rounds for a 128-bit key, 12 for 192 bits and 14 for a 256-bit key size?
Pre-mixing cryogenic fuels and using only one fuel tank
How to cover method return statement in Apex Class?
Does the Linux kernel need a file system to run?
Does malloc reserve more space while allocating memory?
Can I say "fingers" when referring to toes?
Mimic lecturing on blackboard, facing audience
15% tax on $7.5k earnings. Is that right?
Quasinilpotent , non-compact operators
How do apertures which seem too large to physically fit work?
How do I delete all blank lines in a buffer?
PTIJ: Haman's bad computer
What if you are holding an Iron Flask with a demon inside and walk into Antimagic Field?
What features enable the Su-25 Frogfoot to operate with such a wide variety of fuels?
What is going on with 'gets(stdin)' on the site coderbyte?
Does Doodling or Improvising on the Piano Have Any Benefits?
Is there a RAID 0 Equivalent for RAM?
Why can Carol Danvers change her suit colours in the first place?
Multiplicative persistence
User Story breakdown - Technical Task + User Feature
Store Credit Card Information in Password Manager?
Store credit card numbers in password manager?Protecting my high-value passwords against offline attacksHow to securely store and manage one-time backup codes for 2FA?How to reduce trouble in case I lose access to my password manager?Password managers with U2F security risksEncrypted volume vs password manager - security benefitsPassword generation scheme using master password, site-name, and usernamePassword management with two factor authenticationHardware-Based Password ManagerStore credit card numbers in password manager?How should clients' passwords be managed?
For convenience purposes I manage my passwords with the password manager Bitwarden on my personal computer and smartphone with autofill function (but with asking for the master password or fingerprint first every time).
I was just thinking about also adding my credit card information (which is used to log into the online banking stuff) to my vault, but since that seems like such important data, I'm not sure if it would be safe or if this even is a good idea. Any opinions?
I also saw this question on here, but it rather deals with whether that is reasonable from a law standpoint.
passwords password-management password-cracking credit-card
edited 4 hours ago
schroeder♦
77.6k30171207
asked 4 hours ago
SuimonSuimon
1284
add a comment |
For convenience purposes I manage my passwords with the password manager Bitwarden on my personal computer and smartphone with autofill function (but with asking for the master password or fingerprint first every time).
I was just thinking about also adding my credit card information (which is used to log into the online banking stuff) to my vault, but since that seems like such important data, I'm not sure if it would be safe or if this even is a good idea. Any opinions?
I also saw this question on here, but it rather deals with whether that is reasonable from a law standpoint.
passwords password-management password-cracking credit-card
edited 4 hours ago
schroeder♦
77.6k30171207
asked 4 hours ago
SuimonSuimon
1284
add a comment |
For convenience purposes I manage my passwords with the password manager Bitwarden on my personal computer and smartphone with autofill function (but with asking for the master password or fingerprint first every time).
I was just thinking about also adding my credit card information (which is used to log into the online banking stuff) to my vault, but since that seems like such important data, I'm not sure if it would be safe or if this even is a good idea. Any opinions?
I also saw this question on here, but it rather deals with whether that is reasonable from a law standpoint.
passwords password-management password-cracking credit-card
edited 4 hours ago
schroeder♦
77.6k30171207
asked 4 hours ago
SuimonSuimon
1284
For convenience purposes I manage my passwords with the password manager Bitwarden on my personal computer and smartphone with autofill function (but with asking for the master password or fingerprint first every time).
I was just thinking about also adding my credit card information (which is used to log into the online banking stuff) to my vault, but since that seems like such important data, I'm not sure if it would be safe or if this even is a good idea. Any opinions?
I also saw this question on here, but it rather deals with whether that is reasonable from a law standpoint.
passwords password-management password-cracking credit-card
passwords password-management password-cracking credit-card
edited 4 hours ago
schroeder♦
77.6k30171207
asked 4 hours ago
SuimonSuimon
1284
edited 4 hours ago
schroeder♦
77.6k30171207
asked 4 hours ago
SuimonSuimon
1284
edited 4 hours ago
schroeder♦
77.6k30171207
edited 4 hours ago
schroeder♦
77.6k30171207
edited 4 hours ago
schroeder♦
77.6k30171207
77.6k30171207
asked 4 hours ago
SuimonSuimon
1284
asked 4 hours ago
SuimonSuimon
1284
asked 4 hours ago
SuimonSuimon
1284
1284
add a comment |
add a comment |
2 Answers
2
active
oldest
votes
The question might come down to: which piece of data has a higher level of risk, your passwords or your credit card info?
Your passwords can be used without you ever knowing about it. Passwords let someone into every aspect of your life with, potentially, every secret bit of information about you that you hold. So, it is possible for someone with your password to completely take over your life without you being aware until it is too late.
Credit card use will be noticed on your next statement, or as soon as your card company posts its use. You also have several types of recourse to dispute charges and have them reversed.
One might suggest that credit cards can be used to set up new cards or other lines of credit, but the same could be said with the information provided by passwords.
Passwords are the higher risk. Credit card info has numerous mitigations in place to protect you.
So, if you trust your password manager with your passwords, there is no increased risk with trusting it with your credit cards.
answered 4 hours ago
schroeder♦schroeder
77.6k30171207
That's what I believe. I think it's important to explain that but I'm not brave enough to tell other people it's okay. It might not be the same outside the US due to legal or economic reasons.
– Future Security
3 hours ago
@FutureSecurity What are you talking about? I mentioned several things that you could be referring to. (and I'm not in the US).
– schroeder♦
3 hours ago
That stolen passwords can be more damaging than a stolen credit card number. (And I think that I read that UK law, compared to US law, put more responsibility on customers for the security of their own accounts including pins and passwords.)
– Future Security
3 hours ago
Banks have been putting mitigations in place for decades to handle credit card fraud. It can be a hassle, and it can even cost a lot, but relatively very little in comparison to what can be done with access to the right password.
– schroeder♦
3 hours ago
add a comment |
Password managers can store any kind of secret. (Or at least short plaintext strings.) I have no idea how safe your specific password manager is.
A closed vault should be as secure as your password is. If the vault is opened on some computer, then that machine needs to be trusted. (No key loggers, hardware trojans, snooping super users, etc.)
A good password hashing algorithm allows no method of password cracking better than guess -and-check. The vault will be as difficult to decrypt without the password as it is difficult to guess your password. (That's not technically true because the encryption will likely have a maximum strength of 256 bits. However, that doesn't matter because your master password will be weaker than a 256-bit key and any more than 128-bit security is good enough.)
If your master password is quite strong then it's probably fine, as long as the computer used and the password manager used is secure.
You could also put information in a second vault protected by a stronger master password. That vault also could be put on a well guarded thumb drive. (Which could reduce a hacker's opportunity to break open the closed vault if the thumb drive isn't plugged in when you don't need it and the drive is well guarded.)
It's not necessary to store the vault somewhere else if your password is strong enough.
Make sure the password manager software is something you trust. (Proprietary software is automatically sketchy to me.)
answered 3 hours ago
Future SecurityFuture Security
1,036212
add a comment |
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "162"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f205894%2fstore-credit-card-information-in-password-manager%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
The question might come down to: which piece of data has a higher level of risk, your passwords or your credit card info?
Your passwords can be used without you ever knowing about it. Passwords let someone into every aspect of your life with, potentially, every secret bit of information about you that you hold. So, it is possible for someone with your password to completely take over your life without you being aware until it is too late.
Credit card use will be noticed on your next statement, or as soon as your card company posts its use. You also have several types of recourse to dispute charges and have them reversed.
One might suggest that credit cards can be used to set up new cards or other lines of credit, but the same could be said with the information provided by passwords.
Passwords are the higher risk. Credit card info has numerous mitigations in place to protect you.
So, if you trust your password manager with your passwords, there is no increased risk with trusting it with your credit cards.
answered 4 hours ago
schroeder♦schroeder
77.6k30171207
That's what I believe. I think it's important to explain that but I'm not brave enough to tell other people it's okay. It might not be the same outside the US due to legal or economic reasons.
– Future Security
3 hours ago
@FutureSecurity What are you talking about? I mentioned several things that you could be referring to. (and I'm not in the US).
– schroeder♦
3 hours ago
That stolen passwords can be more damaging than a stolen credit card number. (And I think that I read that UK law, compared to US law, put more responsibility on customers for the security of their own accounts including pins and passwords.)
– Future Security
3 hours ago
Banks have been putting mitigations in place for decades to handle credit card fraud. It can be a hassle, and it can even cost a lot, but relatively very little in comparison to what can be done with access to the right password.
– schroeder♦
3 hours ago
add a comment |
The question might come down to: which piece of data has a higher level of risk, your passwords or your credit card info?
Your passwords can be used without you ever knowing about it. Passwords let someone into every aspect of your life with, potentially, every secret bit of information about you that you hold. So, it is possible for someone with your password to completely take over your life without you being aware until it is too late.
Credit card use will be noticed on your next statement, or as soon as your card company posts its use. You also have several types of recourse to dispute charges and have them reversed.
One might suggest that credit cards can be used to set up new cards or other lines of credit, but the same could be said with the information provided by passwords.
Passwords are the higher risk. Credit card info has numerous mitigations in place to protect you.
So, if you trust your password manager with your passwords, there is no increased risk with trusting it with your credit cards.
answered 4 hours ago
schroeder♦schroeder
77.6k30171207
That's what I believe. I think it's important to explain that but I'm not brave enough to tell other people it's okay. It might not be the same outside the US due to legal or economic reasons.
– Future Security
3 hours ago
@FutureSecurity What are you talking about? I mentioned several things that you could be referring to. (and I'm not in the US).
– schroeder♦
3 hours ago
That stolen passwords can be more damaging than a stolen credit card number. (And I think that I read that UK law, compared to US law, put more responsibility on customers for the security of their own accounts including pins and passwords.)
– Future Security
3 hours ago
Banks have been putting mitigations in place for decades to handle credit card fraud. It can be a hassle, and it can even cost a lot, but relatively very little in comparison to what can be done with access to the right password.
– schroeder♦
3 hours ago
add a comment |
The question might come down to: which piece of data has a higher level of risk, your passwords or your credit card info?
Your passwords can be used without you ever knowing about it. Passwords let someone into every aspect of your life with, potentially, every secret bit of information about you that you hold. So, it is possible for someone with your password to completely take over your life without you being aware until it is too late.
Credit card use will be noticed on your next statement, or as soon as your card company posts its use. You also have several types of recourse to dispute charges and have them reversed.
One might suggest that credit cards can be used to set up new cards or other lines of credit, but the same could be said with the information provided by passwords.
Passwords are the higher risk. Credit card info has numerous mitigations in place to protect you.
So, if you trust your password manager with your passwords, there is no increased risk with trusting it with your credit cards.
answered 4 hours ago
schroeder♦schroeder
77.6k30171207
The question might come down to: which piece of data has a higher level of risk, your passwords or your credit card info?
Your passwords can be used without you ever knowing about it. Passwords let someone into every aspect of your life with, potentially, every secret bit of information about you that you hold. So, it is possible for someone with your password to completely take over your life without you being aware until it is too late.
Credit card use will be noticed on your next statement, or as soon as your card company posts its use. You also have several types of recourse to dispute charges and have them reversed.
One might suggest that credit cards can be used to set up new cards or other lines of credit, but the same could be said with the information provided by passwords.
Passwords are the higher risk. Credit card info has numerous mitigations in place to protect you.
So, if you trust your password manager with your passwords, there is no increased risk with trusting it with your credit cards.
answered 4 hours ago
schroeder♦schroeder
77.6k30171207
answered 4 hours ago
schroeder♦schroeder
77.6k30171207
answered 4 hours ago
schroeder♦schroeder
77.6k30171207
answered 4 hours ago
schroeder♦schroeder
77.6k30171207
77.6k30171207
That's what I believe. I think it's important to explain that but I'm not brave enough to tell other people it's okay. It might not be the same outside the US due to legal or economic reasons.
– Future Security
3 hours ago
@FutureSecurity What are you talking about? I mentioned several things that you could be referring to. (and I'm not in the US).
– schroeder♦
3 hours ago
That stolen passwords can be more damaging than a stolen credit card number. (And I think that I read that UK law, compared to US law, put more responsibility on customers for the security of their own accounts including pins and passwords.)
– Future Security
3 hours ago
Banks have been putting mitigations in place for decades to handle credit card fraud. It can be a hassle, and it can even cost a lot, but relatively very little in comparison to what can be done with access to the right password.
– schroeder♦
3 hours ago
add a comment |
That's what I believe. I think it's important to explain that but I'm not brave enough to tell other people it's okay. It might not be the same outside the US due to legal or economic reasons.
– Future Security
3 hours ago
@FutureSecurity What are you talking about? I mentioned several things that you could be referring to. (and I'm not in the US).
– schroeder♦
3 hours ago
That stolen passwords can be more damaging than a stolen credit card number. (And I think that I read that UK law, compared to US law, put more responsibility on customers for the security of their own accounts including pins and passwords.)
– Future Security
3 hours ago
Banks have been putting mitigations in place for decades to handle credit card fraud. It can be a hassle, and it can even cost a lot, but relatively very little in comparison to what can be done with access to the right password.
– schroeder♦
3 hours ago
That's what I believe. I think it's important to explain that but I'm not brave enough to tell other people it's okay. It might not be the same outside the US due to legal or economic reasons.
– Future Security
3 hours ago
That's what I believe. I think it's important to explain that but I'm not brave enough to tell other people it's okay. It might not be the same outside the US due to legal or economic reasons.
– Future Security
3 hours ago
@FutureSecurity What are you talking about? I mentioned several things that you could be referring to. (and I'm not in the US).
– schroeder♦
3 hours ago
@FutureSecurity What are you talking about? I mentioned several things that you could be referring to. (and I'm not in the US).
– schroeder♦
3 hours ago
That stolen passwords can be more damaging than a stolen credit card number. (And I think that I read that UK law, compared to US law, put more responsibility on customers for the security of their own accounts including pins and passwords.)
– Future Security
3 hours ago
That stolen passwords can be more damaging than a stolen credit card number. (And I think that I read that UK law, compared to US law, put more responsibility on customers for the security of their own accounts including pins and passwords.)
– Future Security
3 hours ago
Banks have been putting mitigations in place for decades to handle credit card fraud. It can be a hassle, and it can even cost a lot, but relatively very little in comparison to what can be done with access to the right password.
– schroeder♦
3 hours ago
Banks have been putting mitigations in place for decades to handle credit card fraud. It can be a hassle, and it can even cost a lot, but relatively very little in comparison to what can be done with access to the right password.
– schroeder♦
3 hours ago
add a comment |
Password managers can store any kind of secret. (Or at least short plaintext strings.) I have no idea how safe your specific password manager is.
A closed vault should be as secure as your password is. If the vault is opened on some computer, then that machine needs to be trusted. (No key loggers, hardware trojans, snooping super users, etc.)
A good password hashing algorithm allows no method of password cracking better than guess -and-check. The vault will be as difficult to decrypt without the password as it is difficult to guess your password. (That's not technically true because the encryption will likely have a maximum strength of 256 bits. However, that doesn't matter because your master password will be weaker than a 256-bit key and any more than 128-bit security is good enough.)
If your master password is quite strong then it's probably fine, as long as the computer used and the password manager used is secure.
You could also put information in a second vault protected by a stronger master password. That vault also could be put on a well guarded thumb drive. (Which could reduce a hacker's opportunity to break open the closed vault if the thumb drive isn't plugged in when you don't need it and the drive is well guarded.)
It's not necessary to store the vault somewhere else if your password is strong enough.
Make sure the password manager software is something you trust. (Proprietary software is automatically sketchy to me.)
answered 3 hours ago
Future SecurityFuture Security
1,036212
add a comment |
Password managers can store any kind of secret. (Or at least short plaintext strings.) I have no idea how safe your specific password manager is.
A closed vault should be as secure as your password is. If the vault is opened on some computer, then that machine needs to be trusted. (No key loggers, hardware trojans, snooping super users, etc.)
A good password hashing algorithm allows no method of password cracking better than guess -and-check. The vault will be as difficult to decrypt without the password as it is difficult to guess your password. (That's not technically true because the encryption will likely have a maximum strength of 256 bits. However, that doesn't matter because your master password will be weaker than a 256-bit key and any more than 128-bit security is good enough.)
If your master password is quite strong then it's probably fine, as long as the computer used and the password manager used is secure.
You could also put information in a second vault protected by a stronger master password. That vault also could be put on a well guarded thumb drive. (Which could reduce a hacker's opportunity to break open the closed vault if the thumb drive isn't plugged in when you don't need it and the drive is well guarded.)
It's not necessary to store the vault somewhere else if your password is strong enough.
Make sure the password manager software is something you trust. (Proprietary software is automatically sketchy to me.)
answered 3 hours ago
Future SecurityFuture Security
1,036212
add a comment |
Password managers can store any kind of secret. (Or at least short plaintext strings.) I have no idea how safe your specific password manager is.
A closed vault should be as secure as your password is. If the vault is opened on some computer, then that machine needs to be trusted. (No key loggers, hardware trojans, snooping super users, etc.)
A good password hashing algorithm allows no method of password cracking better than guess -and-check. The vault will be as difficult to decrypt without the password as it is difficult to guess your password. (That's not technically true because the encryption will likely have a maximum strength of 256 bits. However, that doesn't matter because your master password will be weaker than a 256-bit key and any more than 128-bit security is good enough.)
If your master password is quite strong then it's probably fine, as long as the computer used and the password manager used is secure.
You could also put information in a second vault protected by a stronger master password. That vault also could be put on a well guarded thumb drive. (Which could reduce a hacker's opportunity to break open the closed vault if the thumb drive isn't plugged in when you don't need it and the drive is well guarded.)
It's not necessary to store the vault somewhere else if your password is strong enough.
Make sure the password manager software is something you trust. (Proprietary software is automatically sketchy to me.)
answered 3 hours ago
Future SecurityFuture Security
1,036212
Password managers can store any kind of secret. (Or at least short plaintext strings.) I have no idea how safe your specific password manager is.
A closed vault should be as secure as your password is. If the vault is opened on some computer, then that machine needs to be trusted. (No key loggers, hardware trojans, snooping super users, etc.)
A good password hashing algorithm allows no method of password cracking better than guess -and-check. The vault will be as difficult to decrypt without the password as it is difficult to guess your password. (That's not technically true because the encryption will likely have a maximum strength of 256 bits. However, that doesn't matter because your master password will be weaker than a 256-bit key and any more than 128-bit security is good enough.)
If your master password is quite strong then it's probably fine, as long as the computer used and the password manager used is secure.
You could also put information in a second vault protected by a stronger master password. That vault also could be put on a well guarded thumb drive. (Which could reduce a hacker's opportunity to break open the closed vault if the thumb drive isn't plugged in when you don't need it and the drive is well guarded.)
It's not necessary to store the vault somewhere else if your password is strong enough.
Make sure the password manager software is something you trust. (Proprietary software is automatically sketchy to me.)
answered 3 hours ago
Future SecurityFuture Security
1,036212
answered 3 hours ago
Future SecurityFuture Security
1,036212
answered 3 hours ago
Future SecurityFuture Security
1,036212
answered 3 hours ago
Future SecurityFuture Security
1,036212
1,036212
add a comment |
add a comment |
Thanks for contributing an answer to Information Security Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f205894%2fstore-credit-card-information-in-password-manager%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
