[URGENT] DEF CON Researcher Exposes How Password Managers Betray Your Trust
"Czech security researcher Marek Tóth demonstrated at DEF CON 33 how a single click on any malicious website can steal passwords, credit cards, and 2FA codes from 40 million users of major password managers, with vendors like 1Password and LastPass refusing to fix the vulnerabilities."
What this brings home once again is that, where security is concerned, the easier something is to use, the worse it usually is for security. Much of the issue here is the autofilling of passwords as soon as a page loads (because that is convenient), so to some extent the problem is helped along by settings we choose ourselves.
The same goes for subdomains vs. exact domain: matching on just the base domain is easier, but it means a login saved for one host can be offered on any other host under that domain.
Many password managers will be addressing these issues in the coming week or two, but in the meantime it is worth revisiting the "ease of use" settings in your own password manager.
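To make the two settings concrete, here is an added example (not code from the page or from any password manager) that models how a manager decides whether a stored login matches the current page and whether to fill it without a user gesture. The vault entries and the host pages.example.com are constructed sample data, and the base-domain helper is a deliberate simplification: it takes the last two labels, where real managers consult the Public Suffix List.

```javascript
// Added example, not from the page or any password manager's code.
// Two match policies: "base-domain" is the convenient setting the post
// warns about; "exact-host" is the stricter one.

const STORED_LOGINS = [ // constructed sample vault
  { site: "https://accounts.example.com/login", user: "alice" },
  { site: "https://bank.test/signin", user: "alice" },
];

// Simplification (assumption): treat the last two labels as the
// registrable domain. Real managers use the Public Suffix List so that
// e.g. "co.uk" is not mistaken for a registrable domain.
function baseDomain(hostname) {
  const labels = hostname.toLowerCase().split(".");
  return labels.slice(-2).join(".");
}

function matches(storedUrl, pageUrl, policy) {
  const stored = new URL(storedUrl);
  const page = new URL(pageUrl);
  // Never offer a credential saved for an HTTPS site to a plain-HTTP page.
  if (stored.protocol === "https:" && page.protocol !== "https:") return false;
  switch (policy) {
    case "exact-host":
      return stored.hostname === page.hostname;
    case "base-domain":
      // pages.example.com matches accounts.example.com under this policy,
      // so any host under example.com can be offered the same login.
      return baseDomain(stored.hostname) === baseDomain(page.hostname);
    default:
      throw new Error(`unknown policy ${policy}`);
  }
}

// Usernames of vault entries the given policy considers a match.
function candidateLogins(pageUrl, vault, policy) {
  return vault.filter(l => matches(l.site, pageUrl, policy)).map(l => l.user);
}

// Filling on page load hands credentials to the page before the user has
// done anything deliberate; requiring an explicit gesture (a click on the
// manager's own UI, a keyboard shortcut) keeps a human in the loop.
function autofillDecision(pageUrl, vault, settings) {
  const logins = candidateLogins(pageUrl, vault, settings.matchPolicy);
  if (logins.length === 0) return { fill: false, reason: "no matching login", logins };
  if (settings.fillOnLoad) return { fill: true, reason: "filled automatically on load", logins };
  return { fill: false, reason: "waiting for explicit user action", logins };
}

// Usage: the convenient configuration fills alice's login on a sibling
// subdomain with no user action; the strict one does neither.
console.log(autofillDecision("https://pages.example.com/", STORED_LOGINS,
  { matchPolicy: "base-domain", fillOnLoad: true }));
console.log(autofillDecision("https://pages.example.com/", STORED_LOGINS,
  { matchPolicy: "exact-host", fillOnLoad: false }));
```

The two knobs are independent: tightening the match policy limits which pages can ever receive a credential, while turning off fill-on-load means that even a matching page only gets it after a deliberate user action.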
See
https://www.sambent.com/urgent-def-con-researcher-exposes-how-password-managers-betray-your-trust
#technology #security #vulnerabilities