Is Your Password Manager Safe? | Clickjacking Found in Most Password Manager Extensions

https://lemmy.ca/post/50329671


I am sorry, I just can’t stand videos where the host talks super fast right from the start.

I am sure the video is informative, but it goes too fast for me to deal with.

The tl;dw is all cloud stored, browser extension based password managers are vulnerable to having your passwords stolen from simply visiting a compromised site and clicking out of a popup ad for their newsletter.

I made it like 10 minutes in before starting to fall asleep but his proposed solution is using an offline password manager and manually copy pasting your stuff.

Not sure what he needed another 15 minutes to yammer about…

> manually copy pasting

I haven’t watched the video but is it worse if you stumble upon a fake domain name that you fail to recognize?

The logic against that is you could just assume the password manager is bugging out if it doesn’t pop up, so you can make the argument that either method of using a password manager is vulnerable to phishing.

If you watch the whole video, he actually mentions that quite a few of them have since been patched. NordPass has, which is the only one I cared about.

So if the site is compromised and the attacker already has access to your authenticated session and data, they can try to also obtain your password and a single TOTP code via clickjacking? It doesn’t seem all that useful.