"NCSC urges using 3 random words as passwords" <-- No mention of password managers, even as an option? (cc @troyhunt, @thorsheim)https://twitter.com/NCSC/status/1119741543190028288 …
I don't know what Troy is thinking of, the kind of exploits I've seen in password managers are remote code execution vulnerabilities, allowing any website to take over your computer. For example, https://bugs.chromium.org/p/project-zero/issues/detail?id=1225 … or https://bugs.chromium.org/p/project-zero/issues/detail?id=693 …
-
-
So maybe we are talking more specifically about password manager browser extensions? This distinction is very clear in 1Password, less so with the others where they are all plugin oriented. The second area of concern mentioned earlier is similar, malware reading the decrypted db
-
There was no browser extension involved in the second link above. As far as I know, 1Password is similarly designed, relying on websockets for security. If you're concerned about malware, you should use application whitelisting - no password manager design will save you.
- 1 more reply
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.