Gregory's Server
@evacide also malware. Infostealers that access local password managers in browsers don’t need physical access, to unlock it or sign in - and they’re a huge problem.
|
7 comments
 @skry they're not, and people do, but nobody cares. anyway to be clear: browsers' password managers are totally insecure. good options include bitwarden or keepassxc/keepassdx (the former is easier, and a good option if you dont want to invest energy on your password manager; latter is more tedious but is strictly offline which may be preferable)  @xyhhx @GossiTheDog @evacide Thank you. I have never used browser password managers, but I rarely hear any advice to the public from infosec pros about not using them. (Same with antivirus.) I like Strongbox’s user experience for Keepassxc on macOS. @GossiTheDog @evacide I don’t understand why anyone would want this at all. Besides the issues you both have brought up, this doesn’t even really make sense as a product feature @deepthoughts10 @GossiTheDog @evacide It feels like the main demographic for all new features in tech are other tech giants and governments. I'm pretty sure the thinking here was, "okay the customer wants us to log user activity in screenshots... how can we PR that bullshit into a feature?"  Next step, your company trains AI these images and uses that AI to replace you. Employee leaves company, manager uses this to fill knowledge gaps. Just wait for the corporate it tools that will be developed to "manage" " secure" and back up this data to the MS cloud. @GossiTheDog @evacide common it’s not like the average users computer is connected to the internet. And MSFT does have a great history of proactively protecting their users…
|
@GossiTheDog @evacide This sounds like employer surveillance ware that can also be abused by any family admin. I can’t think of any reason I would want such a thing, as a user.
Also, if browser password managers are insecure, we should be shouting that from the rooftops.