Password Managers

I had cause to think about remote Password Managers last week. Here are my conclusions and notes.

  1. They are an attractive target and, if on the internet, easy to reach.
  2. They lengthen the code paths and thus increase the attack surface.
  3. They provide little defence against operating system & browser vulnerabilities and zero defence against social engineering or court-ordered remediation.
  4. They ease the use of complex and strong passwords; they can, through indirection, ensure that real keys are not known (and thus contradict my statement that they cannot protect against social engineering attacks).

Links

  1. https://www.schneier.com/blog/archives/2014/09/security_of_pas.html
  2. https://www.theregister.co.uk/2017/02/28/flaws_in_password_management_apps/
