Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Hacking Password Managers
Newest First  |  Oldest First  |  Threaded View
Page 1 / 2   >   >>
anon9011498124
anon9011498124,
User Rank: Apprentice
9/16/2014 | 3:31:43 PM
Re: trusting a password manager?
Nice article. My advice to everyone is to use any password manager available which fits their needs and to use different and super strong passwords for every site they have an account on. Or maybe if their memories are that great that they can remember passwords like brKir7j&^@RC7&IK, they can use their brains and feel pain in the neck :)I have found a free version of Sticky Password some time ago and converted it to the paid version after using it for a couple of weeks. Used it ever since without problems. 
andre.boysen
andre.boysen,
User Rank: Author
7/15/2014 | 12:08:07 PM
Re: trusting a password manager?
Password managers are a stop gap measure that makes the best of a bad design. Of all the methods users can employ to manage online life, they are the least of all evils if well used by a good provider.


Important is to move to a model without passwords as the primary security mechanism.

 

 
DAVIDINIL
DAVIDINIL,
User Rank: Apprentice
7/15/2014 | 10:08:58 AM
Re: trusting a password manager?
Especially considering some sites, like Yahoo Mail, seem to want me to change my PW on a regular basis.  Enough already. 
Kelly Jackson Higgins
Kelly Jackson Higgins,
User Rank: Strategist
7/15/2014 | 10:01:39 AM
Re: trusting a password manager?
I have probably 100 different complex passwords, so remembering all of them is impossible. A pw manager is certainly tempting, but something keeps stopping me from putting my eggs in that basket. #paranoidsecurityjourno
DAVIDINIL
DAVIDINIL,
User Rank: Apprentice
7/15/2014 | 9:58:38 AM
Re: trusting a password manager?
I am a bit nervous about using Roboform and Lastpass, but I find them to be essential.  I think I am less vulnerable by using a PW manager than I am using the same password for every website I use. 
Dr.T
Dr.T,
User Rank: Ninja
7/15/2014 | 9:54:13 AM
Re: trusting a password manager?
That is the problem Marilyn. You still need to keep a password in mind. We should just revamp this username/password and defining new ways of protecting ourselves. I do not know what it would be but I know username/password pair is not really working when ii comes to security or privacy.
Kelly Jackson Higgins
Kelly Jackson Higgins,
User Rank: Strategist
7/15/2014 | 9:52:47 AM
Re: trusting a password manager?
Ha! I hear ya. I have my secret cryptic cheat-sheet. It's lame, but it makes me feel somewhat in control. 
Dr.T
Dr.T,
User Rank: Ninja
7/15/2014 | 9:51:38 AM
Re: trusting a password manager?
Agree. Maybe that or, find a way to remember the password per site easily. Such as remembering logo of the site and defining password that we can related to it. I just gave away my way of defining password :--))
Dr.T
Dr.T,
User Rank: Ninja
7/15/2014 | 9:49:08 AM
All the same
We have to assume that the apps that store or generate passwords have the same vulnerabilities as other regular applications. I do not use any apps for passwords, however it is getting overloaded I can tell, defining a different password per site, that is too much. :--))
Sara Peters
Sara Peters,
User Rank: Author
7/15/2014 | 9:41:10 AM
Re: trusting a password manager?
@Kelly  I feel the same way. I'd rather use my own brain. And for stuff that I don't use often that I feel like my husband might need to know, I stick it on my fridge. If someone breaks into my apartment, I'll have bigger problems. Well, at least, more problems.
Page 1 / 2   >   >>


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The Promise and Reality of Cloud Security
Cloud security has been part of the cybersecurity conversation for years but has been on the sidelines for most enterprises. The shift to remote work during the COVID-19 pandemic and digital transformation projects have moved cloud infrastructure front-and-center as enterprises address the associated security risks. This report - a compilation of cutting-edge Black Hat research, in-depth Omdia analysis, and comprehensive Dark Reading reporting - explores how cloud security is rapidly evolving.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2023-24806
PUBLISHED: 2023-02-04
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This CVE has been rejected as it was incorrectly assigned. All references and descriptions in this candidate have been removed to prevent accidental usage.
CVE-2013-10017
PUBLISHED: 2023-02-04
A vulnerability was found in fanzila WebFinance 0.5. It has been classified as critical. Affected is an unknown function of the file htdocs/admin/save_roles.php. The manipulation of the argument id leads to sql injection. The name of the patch is 6cfeb2f6b35c1b3a7320add07cd0493e4f752af3. It is recom...
CVE-2013-10018
PUBLISHED: 2023-02-04
A vulnerability was found in fanzila WebFinance 0.5. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file htdocs/prospection/save_contact.php. The manipulation of the argument nom/prenom/email/tel/mobile/client/fonction/note leads to sql injection....
CVE-2023-23082
PUBLISHED: 2023-02-03
A heap buffer overflow vulnerability in Kodi Home Theater Software up to 19.5 allows attackers to cause a denial of service due to an improper length of the value passed to the offset argument.
CVE-2023-23615
PUBLISHED: 2023-02-03
Discourse is an open source discussion platform. The embeddable comments can be exploited to create new topics as any user but without any clear title or content. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. As a workaround, disable embeddable comments by ...