Advice Request What are some secure password manager options for Windows, Android and IOS?

[Digmor Crusher]

Indeed, along with their extensions, which provide another portal for malicious actors.

The little black book looks like modern technology now, if it didn't before. Word.

I use a password manager but no financial information is put in it. I have a hard enough time remembering 1 password.

 

[Jonny Quest]

If I really wanted to be concerned, is there any risk in doing it this way, as far as copy and paste into a webpage?

Security News - Malicious Chrome extensions can spoof password managers in new attack

This is the part that caught my eye. In SquareX's demonstration, the attackers impersonate the 1Password password manager extension by first disabling the legitimate one using the 'chrome.management' API, or if the permissions aren't available, user interface manipulation tactics to hide it...

malwaretips.com

 

[bazang]

Indeed, along with their extensions, which provide another portal for malicious actors.

The little black book looks like modern technology now, if it didn't before. Word.

Tavis Ormandy's analysis and advisory regarding browser extensions, and the code injection that they perform, is well intended but yet it still does not address the Achilles heel of native browser password managers. And that is that the credentials are stored in the browser publisher's cloud. So yet again the user is turning over credentials and other valuable data to the care of others. The user has to not only entrust some of their most valuable data to the vendor, but they must also trust that the vendor is doing a really, really good job at safeguarding their "surrendered" data.

People will not use local password managers because they are lazy and they want easy. The herd makes things popular. When technology becomes popular and ubiquitous enough, then it becomes a HUGE juicy target for threat actors.

The best password manager is a system (algorithm) that a user develops to create complex passwords and then write them down in a notebook and hide them behind a locked physical door in your residence. Despite the proclivity towards paranoia on security forums, the national security services will not be coming to your home, ransacking it to find that piece of paper. British, Turkish, and Indian intelligence services do not care about any of us, except those that are truly bad criminals and terrorists. They have no interest in your fapsite logon credentials.

But, you know. There are people here and out there with 100, 200, 300, and even 500 or more login credentials - some, if not most, which are no longer valid and the user will not take the time to clean-up their credentials library. Unlike people like you and I that don't even have 50. Then they have multiple digital devices and they just cannot be bothered to care for each device with proper digital hygene. They just want "Install, set, and forget." Popeil (yes, there are suckers on the other side of the big salt sea here too) made millions selling rotary cookers. He could have made billions selling password managers.

(

People are digitally stupid and lazy. Password managers make them less stupid. They do not fix the lazy.

 

[Digmor Crusher]

Well people can be lazy regarding passwords or not. I assume most have dozens of passwords, they can either use a password manger or pen and paper. If some assume anything digital can be hacked then pen and paper it is. How many do you think do that, I think not many, password manger is much easier for the lazy. So then we must assume: most are lazy, most think a password manger is 100% safe and very many could care less either way. If Chrome and other browsers want to push their password mangers to the masses for ease of use, fine, I'm not going to use them.