You probably can't trust your password manager if it's compromised

https://lemmy.ca/post/60541192

cross-posted from: https://infosec.pub/post/42164102

> Researchers demo weaknesses affecting some of the most popular options
>
> Academics say they found a series of flaws affecting three popular password managers, all of which claim to protect user credentials in the event that their servers are compromised.…

I store my passwords on a flash drive with KeePassXC. How about you compromise that server… Oh wait a minute, no server?

As long as your copy isn’t a trojan.

cybersecuritynews.com/hackers-weaponize-keepass-p…

Hackers Weaponize KeePass Password Manager to Deliver Malware & Steal Passwords

Threat actors are now targeting KeePass to spread malware and steal credentials, posing a major risk to users of this password manager.

Cyber Security News

So just get it from your repo.

Repos can get / have been hacked/malicious code injected.

So can anything. Then don’t use the fucking internet. What the fuck do you want to hear?

I got it from my system package manager. I didn’t download it from the web or anything. `sudo apt-get install keepassxc`. I also use KeePassDX on my phone, pulled from the F-Droid repository.