Beep boop - this is a robot. A new show has been posted to TWiT…
What are your thoughts about today’s show? We’d love to hear from you!
I am still listening to the show, but wanted to comment about the password manager discussion you had. You pointed out that password managers that auto-fill the credentials without user interaction are a security weakness for better usability.
I am using Bitwarden and it prompts me with a popup asking if I want to fill in the offered field with my saved credentials. So it seems that it is a bit more secure than the other solutions out there, but a bit more inconvenient to use with the extra step.
I was just reminded of a discussion on a mail list that touches on the password managers also.
Someone opened a help request that user credentials were getting saved in some of the web forms. Some investigation showed that the browser password manager was auto-filling the user and password fields on the page when this one user was editing a different portion of the page. So when he saved his edit the username and password got saved as well.
Security and his manager were notified since it was against policy to use password managers. And he had to reset his password since anyone with access to the system could now see his password.
On the subject of password managers, at least in Chrome 88 there are settings/toggles for “Offer to save passwords” and “Auto Sign-in”. Also on my computer, in order to show a password when clicking on the eye icon, I am prompted by the local login prompt. I am synchronizing passwords through Google though. In Firefox of course you have to set the password yourself outside of the local account.