Tech

1941 readers

210 users here now

A community for high quality news and discussion around technological advancements and changes

Things that fit:

New tech releases
Major tech changes
Major milestones for tech
Major tech news such as data breaches, discontinuation

Things that don't fit

Minor app updates
Government legislation
Company news
Opinion pieces

Community Wiki

founded 2 years ago

MODERATORS

Vacant@programming.dev

Password managers vulnerable: 40 million users at risk of stolen data (www.pcworld.com)

submitted 2 weeks ago by throws_lemy@lemmy.nz to c/tech@programming.dev

31 comments fedilink hide all child comments

This vulnerability was discovered by security researchers from The Hacker News. The following password managers have affected browser extensions that are based on DOM (Document Object Model):

1Password

Bitwarden

Dashlane

Enpass

iCloud Passwords

Keeper

LastPass

LogMeOnce

NordPass

ProtonPass

RoboForm

you are viewing a single comment's thread
view the rest of the comments

[–] Kissaki@programming.dev 4 points 2 weeks ago

I deliberately chose KeePass with no Webbrowser extension and no cloud service that other password managers and password manager services provide to reduce risks.

Webbrowsers are very interconnected tech with non-obvious relations and risks. Having my webbrowser access my password database feels inherently irritating.

Webbrowser's own password managers with optional sync have the benefit of auto-fill only being offered for the correct domain names. But I'd never store my critical passwords in them.

Having to launch a separate password manager, enter a long master key, and then copy-paste/trigger-auto-type the content from it is cumbersome, but the only way to add a reasonable robust separation.