Hacker News new | ask | show | jobs
by jlgaddis 3759 days ago
In a corporate environment, a system administrator with administrative access to employee/user machines could gain access to their credentials.

That's the big issue, I think, unless I'm missing something.
2 comments
pfg 3759 days ago
Someone with administrative access would have an almost unlimited number of ways of accessing passwords in any password manager. Key logging, memory dumps ... once your system is owned, you're SOL.
link
jlgaddis 3759 days ago
I agree, but this makes it a helluva lot easier.
link
pfg 3759 days ago
I don't agree that installing a key logger (of which there are hundreds out there) and stealing the encrypted password files is in any way harder than logging lo0 and waiting for passwords to slowly trickle in while they're being used.
link
tptacek 3759 days ago
They can do that anyways by sniffing the keyboard directly.
link
jlgaddis 3759 days ago
Sure, but this is a helluva lot easier.
link
tptacek 3759 days ago
Why on earth do I care? They're both easy.
link