On Wed, Nov 25, 2009 at 10:05, David Rosenstrauch <darose@xxxxxxxxxx> wrote: > On 11/25/2009 04:43 AM, David C. Rankin wrote: > FYI - I've set the kwallet password to nothing, and it's seemed to work out > nicely, as it no longer prompts me for the wallet password at inopportune > times. > > In theory this is less secure. But since no one can be logged into my box > as me without my account password anyway, in reality there's no way anyone > can access my kwallet passwords without having my account password first. > Maybe give this a shot? > > HTH, > > DR > If you're running any services that face an open network, you are in theory vulnerable to an exploit in the service. Also, there have been exploits in web browsers like firefox that would give user-level access. This could potentially give the attacker access to your wallet without your user password, depending on the exploit(s) used. In this case, *all* your passwords will be comprimised. Using a password manager without a password itself is bad for your security.
