undefined | Better HN

0 pointsmechanical_fish12y ago0 comments

Justin Schuh had a nice capsule summary of some available techniques for compromising logins:

https://news.ycombinator.com/item?id=6166731

- dump all your session cookies

- grab your history

- install malicious extension to intercept all your browsing activity

- install OS user account level monitoring software

The last one could plausibly work, in combination with "grab a copy of the encrypted 1Password key file", to compromise all the 1Password stuff. The others essentially work around 1Password, or so I believe.

This is why there are certain passwords that I don't even store in 1Password. It's also an argument for two-factor auth.

0 comments

carlosrg12y ago

None of these are comparable to having a full-featured, user friendly GUI to grab all your passwords accessible with a simple "chrome://settings/passwords".

tptacek12y ago

Why, because you feel safer if the attacker is at least required to understand how computers work? That doesn't make me feel safer at all.

j / k navigate · click thread line to collapse