Not logged in
Log in now
Create an account
Subscribe to LWN
An unexpected perf feature
LWN.net Weekly Edition for May 16, 2013
A look at the PyPy 2.0 release
PostgreSQL 9.3 beta: Federated databases and more
LWN.net Weekly Edition for May 9, 2013
If a attacker is present on your machine and can access your account there really is no method that is really useful. Any password you use is a password they can get.
A Periodic Table of password managers
Posted Nov 10, 2011 19:40 UTC (Thu) by danielpf (subscriber, #4723)
A keylogger can be a device hidden on the keyboard cable and broadcasting every single key.
A keylogger can be a hidden program injected by some mean (say a downloaded package).
Such situations do not need an attacker present on the machine.
Posted Nov 10, 2011 20:44 UTC (Thu) by felixfix (subscriber, #242)
Posted Nov 11, 2011 13:01 UTC (Fri) by Cato (subscriber, #7643)
LastPass is a good password manager (free as in beer for desktop OSs, paid-for on mobiles) which now includes Google Authenticator support and has some other two-factor options (grids, biometrics, and Yubikey). See http://lastpass.com/
Although LastPass has the weakness of a cloud-based point of attack, the two-factor options make it more secure against keyloggers than the password managers listed here. It's still vulnerable to a targetted attack against the LastPass client plugin, but that's true of almost any authentication technique.
Posted Nov 12, 2011 0:21 UTC (Sat) by drag (subscriber, #31333)
The main danger then changes from password stealing to session hijacking.
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds