from what i’ve seen, typically results in better UX at the cost of theoretical security.
this is kind of a bad example, but the pa password manager does not use a public key at all, instead relying entirely on age encryption (and disk encryption), the rationale being that at the point anything is at risk it’s already over:
from the creator:
i will use an unencrypted-at-rest key for convenience.
- my hard drive is encrypted, so nobody can just pull the drive and scrape the key
- if a malicious actor accesses my key, i’m screwed anyway, because:
  - most short pass phrases can be bruteforced
  - i would not make it long because typing long passphrases all the time sucks
  - they have access to my system and can just keylog me
this is a good example of pragmatic security: the theoretical security of using a public key is less important than having to type a long password, so just encrypt your disk instead. same(*) outcome, but easier to manage. in my opinion, the sacrifice is a little too great here— my personal approach to UX being to use bitwarden with my vault unlocked— but i see the vision