Posted by admin on

Password Managers

I had cause to think about remote Password Managers last week. My conclusions and notes follow.

  1. They are an attractive target and, if on the internet, easy to reach.
  2. They lengthen the code paths and thus increase the attack surface.
  3. They provide little defence against operating system & browser vulnerabilities and zero defence against social engineering or court-ordered remediation.
  4. They ease the use of complex and strong passwords; they can, through indirection, ensure that real keys are not known (and thus contradict my statement that they cannot protect against social engineering attacks).

Links

  1. https://www.schneier.com/blog/archives/2014/09/security_of_pas.html
  2. https://www.theregister.co.uk/2017/02/28/flaws_in_password_management_apps/
