Password Managers Vulnerabilities - Under Hood of Secrets Management

Page 2 of 3 FirstFirst 123 LastLast
  1.    #10
      My ComputersSystem Spec

  2. essenbe's Avatar
    Posts : 11,795
    Windows 10 Pro and Windows 10 Pro Insider
       #11

    I use Lastpass and do question some of the info in that original article. The master password they say they captured from Lastpass is 8 characters. Lastpass requires 12 characters for the master password. Plus I use a Yubikey for 2FA, which I don't know if that affects the article's conclusions. Without the Yubikey you couldn't get into my Lastpass if you had the user name and password. There are a couple more things I am curious about. At any rate I still contend you are much better off with a password manager than without one.
      My ComputersSystem Spec

  3.    #12

    essenbe said: View Post
    At any rate I still contend you are much better off with a password manager than without one.
    Agreed.
      My ComputersSystem Spec

  4. Callender's Avatar
    Posts : 1,192
    Windows 10 Home 1809 32-bit
       #13

    I use LastPass browser extension and not the installed version. In any case I wonder if cleaning memory periodically removes any risk?

    Click image for larger version. 

Name:	MemReduct Settings.jpg 
Views:	43 
Size:	28.1 KB 
ID:	225246
    Last edited by Callender; 4 Weeks Ago at 07:11. Reason: add text
      My ComputerSystem Spec

  5. TairikuOkami's Avatar
    Posts : 3,629
    Home 1809 x64 10.0.17763.288
       #14

    Just another strike for LastPass, which has been hacked so many times, that it is like a joke.

    essenbe said: View Post
    Plus I use a Yubikey for 2FA, which I don't know if that affects the article's conclusions. Without the Yubikey you couldn't get into my Lastpass if you had the user name and password.

    That depends, do you have to use Yubikey again, after your account was locked?
      My ComputerSystem Spec

  6.   My ComputersSystem Spec

  7.    #16

    Callender said: View Post
    I use LastPass browser extension and not the installed version. In any case I wonder if cleaning memory periodically removes any risk?

    Click image for larger version. 

Name:	MemReduct Settings.jpg 
Views:	43 
Size:	28.1 KB 
ID:	225246
    Is that the version that was patched/updated after the report was released?

    EDIT : my mistake, that's a memory scrubbing program, right? Not sure if that addresses the issue.
      My ComputersSystem Spec

  8.    #17

    Callender said: View Post
    I use LastPass browser extension and not the installed version. In any case I wonder if cleaning memory periodically removes any risk?
    That depends... There aren't many password managers that actually scrub the memory, regardless what the manual/FAQ states:

    Password Managers: Under the Hood of Secrets Management - Independent Security Evaluators

    One could make an argument that, if someone can do a memory dump on your system without your knowledge, you already lost...
      My ComputerSystem Spec

  9. Cliff S's Avatar
    Posts : 23,540
    Win10 Pro, Win10 Pro N, Win10 Home, Win10 Pro Insider Fast Ring, Windows 8.1 Pro, Ubuntu
       #18

    Cr00zng said: View Post
    That depends... There aren't many password managers that actually scrub the memory, regardless what the manual/FAQ states:

    Password Managers: Under the Hood of Secrets Management - Independent Security Evaluators

    One could make an argument that, if someone can do a memory dump on your system without your knowledge, you already lost...
    Why a memdmp?
    Isn't that what Meltdown is all about
    Meltdown breaks the most fundamental isolation between user applications and the operating system. This attack allows a program to access the memory, and thus also the secrets, of other programs and the operating system.
    Meltdown and Spectre

      My ComputersSystem Spec

  10.    #19

    I memorize all mine.
      My ComputersSystem Spec


 
Page 2 of 3 FirstFirst 123 LastLast

Related Threads
https://www.pwsafe.org/ I have never used one before but am getting to the point where it seems like it might be a good idea. I did a cursory look on TenForums but it was inconclusive: https://www.tenforums.com/search.php?searchid=11357568 ...
There are those among us who can use this product, i.e.practically all of us. Free ebook: Windows 10 IT Pro Essentials Support Secrets This ebook is for Win 10 including the Anniversary update Final Preview Version 1607 Free ebook:...
Read more: Under the hood of Microsoft's Windows Subsystem for Linux | ZDNet How to Enable or Disable Bash on Ubuntu on Windows 10 How to Create a Bash on Ubuntu on Windows 10 shortcut
Read more: Windows 10 telemetry secrets: Where, when, and why Microsoft collects your data | ZDNet
Several Managers not working anymore in Performance & Maintenance
Hey there! Since today I have a problem, some programs are just not starting anymore. For example, there would be the Device Manager, the Event Manager, Computermanagement. It just shows the loading mouse for one or two seconds, but nothing...
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 06:01.
Find Us