I mixed up the browser windows and tried to login to the B2 account website using the B2 storage encryption password while the Duplicacy Web-GUI window was opened side by side.
What’s the risk of B2 contractors having a record of the storage password and being able to decrypt the config file?
I wonder whether the B2 login page hashes the account password on the client or the server side.
I’ve since used the CLI to change the storage password, but I assume a copy of the old config file is still floating somewhere in B2 backup.
I know from an older thread, that if the old password and old config files are compromised, then it doesn’t help to change the storage password now, and the only way to be safe is to delete the bucket and upload the backup again. But this seems to be a lot of effort and time to do for the amount of risk.