HackerTrans
TopNewTrendsCommentsPastAskShowJobs

unodonut

no profile record

Submissions

[untitled]

1 points·by unodonut·5 месяцев назад·0 comments

Ask HN: Which password manager do you use / would you recommend?

5 points·by unodonut·5 месяцев назад·12 comments

comments

unodonut
·5 месяцев назад·discuss
Update, with Apple's 'Passwords' app, it appears all someone needs to do to get access to every single stored password, is grab your iPhone while it's unlocked, or sneak it from you while sleeping and use face id to unlock it.

Or, they could shoulder surf to get a 6 digit pin to unlock the phone, then steal it, then they're in.

Seems way less secure than 'Correct Horse Battery Staple'.
unodonut
·5 месяцев назад·discuss
Thanks for the rec. This is looking like the front-runner atm, for ease of adoption (nothing additional to download and setup) and cost-effectiveness (free for those who already on iOS/macOS).

EDIT: youtube reviews are really negative about Apple Passwords, but, those reviews all link to other (paid) password managers, so they cannot fully be trusted, since they're essentially in competition.
unodonut
·5 месяцев назад·discuss
According to the wiki, a one-click exfiltration vulnerability has existed for more than half a year and hasn't been fixed:

> In their default configurations, these extensions were shown to be exposed to a DOM-based extension clickjacking technique, allowing attackers to exfiltrate user data with just a single click. LastPass version 4.146.8 (September 12, 2025), which was intended to address the issue, remains vulnerable

https://en.wikipedia.org/wiki/LastPass#Security_incidents