Hacker News
by nine_k 3456 days ago
Well, yes. A domain name, when backed by an SSL certificate, gives a modicum of certainty that information is not being siphoned to a third party.

A password manager running outside my browser and only communicating the bare minimum required by a page, after checking its certificate, sounds like a good idea. LastPass is almost there; the only reservation is that it's not run on a machine controlled by you. Other similar solutions overcome this limitation.

A browser extension is actually a great approach, too: it can and should be open-source and signed, thus reasonably tamper-proof. It should, again, do the bare minimum regarding the communication with the actual password store. Its usefulness is mostly in discovering the mapping between form controls and info to be stored.