Collaborate Disseminate
I like to use Firefox as my password manager. It tracks username and password combinations by domain. I can see why it was designed this way. You wouldn’t want it to auto-fill a password on a completely unrelated site.
But, there are some … Continue reading How can I set a saved username and password combination in Firefox to work on multiple domains? [migrated]
A benefit to password managers, at least some of them, is that they can look at the URL and only use autotype/autofill when on the correct site, which can help prevent pharming since if instead of https://www.example.com/ you go to examp1e… Continue reading DNS hijacking/poisoning effect on URL/URI and password manager autotype/autofill
This question is about the use of a TPM by a password manager used by an end-user on a PC to store and use passwords to log in to web sites and other things that are protected only by a password.
Windows 11 requires at least TPM 2.0. Suppo… Continue reading What threats can the use of a TPM by a password manager mitigate?
In November 2022, LastPass had its second security breach in four months. Although company CEO Karim Toubba assured customers they had nothing to worry about, the incident didn’t inspire confidence in the world’s leading password manager application. Password managers have one vital job: keep your sensitive login credentials secret, so your accounts remain secure. When hackers […]
The post What is the Future of Password Managers? appeared first on Security Intelligence.
Basically every password manager (like LastPass, 1Password, …) has its Android & iOS app and browser extensions for Chrome, Safari, Firefox etc., to automatically fill in usernames and passwords.
I see this as the most obvious point … Continue reading How do password manager developers protect their app store accounts?
Chrome password manager is super convenient – it autofills passwords on website automatically, has a one-click password generation. However the management of passwords is rather lackluster, there is no fine grained control on how to read p… Continue reading Most browser-like convenience password manager [migrated]
Why do I have to provide authentication when I want to read a password stored in my own web browser while I have to do nothing to read the same password on a site’s login page?
Is my conclusion correct that asking the user for a PIN is poi… Continue reading Why do I need to provide authentication when accessing a browser’s built-in password manager?
I remember some password managers like google would give me a warning about passwords that I have that have been compromised.
My question is this. How is google or able to see that the password I have chosen matches one that has been compr… Continue reading is it illegal to download passwords in bulk from the dark web to make a password checking tool to help people? [closed]
I was reading an infosec user’s take on the LastPass data breach and noted something odd in his commentary on another password manager system (emphasis mine)
I have not done a thorough code review, but I have taken a fairly long glance at… Continue reading Why would garbage collection be a problem in password managers?
Are there fundamental underlying differences in how secrets and passwords should be managed?
I’m curious of the technical/cryptographic differences between secret managers and password managers are. If I get all philosophical about it the … Continue reading Whats the difference between secret and password managers?