I've been reading a bit more about how F-Secure Key is working. It all looks very good. So good in fact that perhaps Heartbleed leaking everything you've got won't matter. All passwords are encrypted with with a key derived from your own master password. The derived key and master password are never stored or transmitted anywhere except for local memory. Two questions remain (that I can think of): Is it ok to share your encypted passwords to anyone exploiting the Heartbleed bug? Do you log in to an online service whith your password and thereby exposing it through the Heartbleed bug?
... View more