
in reply to verita84

plan-A
 — (Proud Eskimo!)
@verita84 He's a Padawan, on the good way, but he's wrong in 1 aspect.
TOTP he uses G1
Also it's totally depending on that very access> there the stress point as TOTP..
in reply to verita84

@verita84 The vector being the autofill popovers? I don't have those on anyway because they seem to defeat the purpose of a secure password vault in my mind.
in reply to verita84

@verita84 @snap Disable that ASAP please. It stays in the browser cache.
in reply to verita84

@zer0unplanned I'm not sure about Nextcloud. Self-hosted Bitwarden is pretty rock solid, though obviously they have the autofill dropdown that the article is about, so still turn that off if you use the browser extension.

I would even go as far as to say don't use password manager browser extensions at large, since I don't fully trust browser extension sandboxing. But that's not viable for everyone.

Generally it's a pretty unsophisticated attack so I doubt it's going to ever be a super widespread thing, especially with the knowledge of it out there to be fixed up.

in reply to verita84

plan-A
 — (Proud Eskimo!)
@verita84 Can you remember your 28 head password by heart> there you have 2 options on paper> type 1 of those..etc
then tell me about KeePassXC or Bitwarden is trash..
No, it is always and always the user himself.