HackerTrans
トップ新着トレンドコメント過去質問紹介求人

unodonut

no profile record

投稿

[untitled]

1 ポイント·投稿者 unodonut·5 か月前·0 コメント

Ask HN: Which password manager do you use / would you recommend?

5 ポイント·投稿者 unodonut·5 か月前·12 コメント

コメント

unodonut
·5 か月前·議論
Update, with Apple's 'Passwords' app, it appears all someone needs to do to get access to every single stored password, is grab your iPhone while it's unlocked, or sneak it from you while sleeping and use face id to unlock it.

Or, they could shoulder surf to get a 6 digit pin to unlock the phone, then steal it, then they're in.

Seems way less secure than 'Correct Horse Battery Staple'.
unodonut
·5 か月前·議論
Thanks for the rec. This is looking like the front-runner atm, for ease of adoption (nothing additional to download and setup) and cost-effectiveness (free for those who already on iOS/macOS).

EDIT: youtube reviews are really negative about Apple Passwords, but, those reviews all link to other (paid) password managers, so they cannot fully be trusted, since they're essentially in competition.
unodonut
·5 か月前·議論
According to the wiki, a one-click exfiltration vulnerability has existed for more than half a year and hasn't been fixed:

> In their default configurations, these extensions were shown to be exposed to a DOM-based extension clickjacking technique, allowing attackers to exfiltrate user data with just a single click. LastPass version 4.146.8 (September 12, 2025), which was intended to address the issue, remains vulnerable

https://en.wikipedia.org/wiki/LastPass#Security_incidents