If someone were to brute-force this, it would be pretty easy in comparison to others:

For comparison, here’s a 12 character password of various random characters:

I don’t think any password manager is perfectly secure. Aren’t browser-extension-based ones susceptible to browser security bugs? How about ones that have a website – install a malicious extension and now you’ve got a problem.

When I looked up KeePass vulnerabilities, I was not able to find anything that gave someone access to the password database from the database file without the master password.

- Require the database to be unlocked with the master password on a compromised computer.
- (or) Require the user to use a database file modified by an attacker (loss of data and data corruption attacks).
- (or) Require the user to run a “new” version of KeePass without checking if it’s authentic.

If you do any of those things with any password manager, then you’re going to have a problem. The database file one is not possible when using web-based password managers. If you have important data on your computer (i.e. KeePass database), you should be keeping it backed up so that any data loss (from hardware failure or due to an attacker) is not an issue. If an attacker is modifying your KeePass database, they can probably also keylog your master password for any password manager anyway.

Maybe there are vulnerabilities that can be used from just a database file and without a compromised computer or data access. If so, I’d love to see what those vulnerabilities are.

Concerning password managers, I personally use KeePass, but recommend LastPass since it’s much easier to use. I don’t mind having to unlock my database before entering passwords or set up my own database syncing. The mild inconvenience is the price I pay for security. I don’t have to put in passwords enough for it to slow me down more than the security is worth.