Sunday, September 7, 2014

Security of Password Managers

There were two papers studying the security of password managers:
It's interesting work, especially because it looks at security problems in something that is supposed to improve security.
I would recommend a password manager to solve the very real problem that any password that can be easily remembered is vulnerable to a dictionary attack. The world got a visceral reminder of this earlier this week, when hackers posted iCloud photos from celebrity accounts. The attack didn't exploit a flaw in iCloud; the attack exploited weak passwords.
Security is often a trade-off with convenience, and most password managers automatically fill in passwords on browser pages. This turns out to be a difficult thing to do securely, and opens up password managers to attack.
I specifically recommend that an ideal password manager not fill in passwords automatically. I specifically need it to be a standalone application that allows you to choose longer and stronger passwords and store them. The fast way to transfer a password from Password Safe to a browser page is by using the operating system's cut and paste commands.

