by UncleMeat
1991 days ago
Yes. The huge huge huge majority of credential attacks are stuffing and phishing. Unique passwords prevent stuffing. We observe that everybody reuses passwords unless they use a password manager. Password managers with auto fill can also provide some defense against phishing since they won’t auto fill. The Achilles heel you mention matters very little since it is a very rare threat model and it would be unreliable to assume that access ends at some point rather than that the adversary simply installed some persistent malware to read all future passwords.

I agree, but perhaps password managers aren't a one-size-fits-all solution. People in high risk situations (e.g., admin @ crypto companies) that are likely to be specifically targeted, might be better served without a password manager. But yes, if RDP, e.g., is left on and open then a keylogger could be installed anyways...