by beardedwizard 2197 days ago
Will you be inspecting the code every single time it loads to ensure that it has not changed? You are receiving this code from an untrusted 3rd party every time you visit. There is a big difference between trusting a known entity like LastPass, 1Password, etc., all of whom are vulnerable to supply chain attacks, and trusting a random website on Hacker News.

Payload decoders and password generators are some of the biggest honeypots out there. Combining this with an attack taking advantage of hidden form autofill, you could gain quite a bit of information to go along with that password.


If I were to use it, I'd probably just pull my own copy off github.

If I were to recommend that novices use it, I'd tell them to use a password manager locally, and something like that to generate a secure password to get into their own machine locally / get into their password manager, which mitigates most of the risk if it turns rogue.

Well, then you wouldn't be using this or any other website, and this entire conversation would be moot :).
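The first comment's objection (the script is re-fetched from a third party on every visit, and nobody re-reads it each time) and the "pull my own copy" answer both come down to pinning: Subresource Integrity lets a page you control load a script only if its hash matches a value you recorded. As an added example, not code from the thread or from any site it discusses, this Python script computes the SRI value for a saved copy and reproduces the browser's check; the script bytes are constructed stand-ins.

```python
import base64
import hashlib
import hmac

# SRI permits exactly these digest algorithms.
SRI_ALGORITHMS = ("sha256", "sha384", "sha512")

# Constructed sample standing in for a saved copy of a third-party generator script.
SAMPLE_SCRIPT = b"function generate(length) { /* generator body */ }\n"
# The same file with a one-line change, as a silently updated upstream copy would look.
TAMPERED_SCRIPT = SAMPLE_SCRIPT + b"// one extra line\n"


def sri_hash(data: bytes, algo: str = "sha384") -> str:
    """Return the SRI value ("<algo>-<base64 digest>") for the given bytes."""
    if algo not in SRI_ALGORITHMS:
        raise ValueError(f"SRI does not allow {algo!r}")
    digest = hashlib.new(algo, data).digest()
    return f"{algo}-{base64.b64encode(digest).decode('ascii')}"


def verify_pinned(data: bytes, pinned: str) -> bool:
    """Mirror the browser's check: recompute with the pinned algorithm and compare."""
    algo, _, _ = pinned.partition("-")
    if algo not in SRI_ALGORITHMS:
        return False  # unknown algorithm: treat as a failed pin, not a pass
    return hmac.compare_digest(sri_hash(data, algo), pinned)


def script_tag(src: str, pinned: str) -> str:
    """Build the <script> element for a local wrapper page that pins the script."""
    return f'<script src="{src}" integrity="{pinned}" crossorigin="anonymous"></script>'


if __name__ == "__main__":
    pin = sri_hash(SAMPLE_SCRIPT)
    print(script_tag("https://example.invalid/generator.js", pin))
    print("saved copy matches pin:", verify_pinned(SAMPLE_SCRIPT, pin))
    print("changed copy matches pin:", verify_pinned(TAMPERED_SCRIPT, pin))
```

This only helps when you control the page that loads the script (a local wrapper around a copy you reviewed); visiting the author's site directly still runs whatever HTML and JavaScript it serves that day.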