| |||||||||||||
|
| |||||||||||||
The Firefox password manager vulnerabilityThe Firefox password manager vulnerabilityPosted Nov 29, 2006 22:47 UTC (Wed) by johnkarp (guest, #39285)In reply to: The Firefox password manager vulnerability by emkey Parent article: The Firefox password manager vulnerability
Ideally, yes, people would easily remember dozens of unique psuedorandom
http://www.schneier.com/passsafe.html
(Log in to post comments)
The Firefox password manager vulnerability Posted Nov 30, 2006 1:35 UTC (Thu) by proski (subscriber, #104) [Link] The best thing is, you can actually put a passpoem there.
The Firefox password manager vulnerability Posted Nov 30, 2006 3:59 UTC (Thu) by roelofs (subscriber, #2599) [Link] The best thing is, you can actually put a passpoem there.An epic passpoem!
The Firefox password manager vulnerability Posted Dec 12, 2007 22:27 UTC (Wed) by riches2rags (guest, #49525) [Link] Bear in mind, that if the user has been brought to a "poser" web site, no password manager client-side bug is gonna matter if he/she is clicking "OK" anyway. The data has been deliberately sent (ie. exposed). The client maintained list is not, in and of itself, compromised. The hidden form field phishing is a bit less culpable for the client. Simplest solution might be to add a "paranoia" setting to the PM that presents a DB exposing the fqdn about to receive the sensitive submission asking "Are you sure this is a valid authentication request?<continue><cancel> The onus is on the user to double check the validity of the transaction one last time. IMHO, any truly sensitive authentication should be using encrypted transmission with mutual trust verification anyway, or the user should seriously consider doing business elsewhere.
|
|
||||||||||||