"NCSC urges using 3 random words as passwords" <-- No mention of password managers, even as an option? (cc @troyhunt, @thorsheim)https://twitter.com/NCSC/status/1119741543190028288 …
Dangerously broken? Do tell, we talking autofill or lack of encryption for "locked" modes?
I don't know what Troy is thinking of, the kind of exploits I've seen in password managers are remote code execution vulnerabilities, allowing any website to take over your computer. For example, https://bugs.chromium.org/p/project-zero/issues/detail?id=1225 … or https://bugs.chromium.org/p/project-zero/issues/detail?id=693 …
@taviso is right from a pure sec standpoint. Online password mgrs with autofill are a giant risk. But it’s a trade off. I have a lot of experience with non-tech people giving up on local password databases and leaving notebooks laying around with weak passwords they created.
People understand how to manage physical objects; e.g. car keys, diaries, cheque book. Just keeping it in a desk drawer or in your purse/backpack is fine. If someone is nearby and willing to break the law, they have lots of options regardless of how you store passwords.

I too am interested in knowing which are dangerously broken. I want to know if I need to shift my company to a new product.