|
|
|
|
|
|
by throwaway192874
1833 days ago
|
|
|
As it looks like Tavis isn't hanging out and responding to comments here, I thought it'd be worth linking to a question and response he gave on Twitter as most comments revolve around this point. > @diractelda: Based on your thoughts, it seems a more accurate statement is "Don't use a password manager that interacts with your browser automatically unless it's the built in password system. Non-integrated password stores are fine." > @tavis: Yep, that's a fair summary, I was just trying to be punchy https://twitter.com/taviso/status/1401253440622235649?s=20 |
|
|
>> @colmmacc: Safari seems conspicuously absent from the list, but it has more users than Firefox or Edge. Is that deliberate? superficially it has the chrome problem solved and T1/T2 integration for the password manager across iOS and OS X.[1]
> @taviso: Well, it's deliberate because I don't know how it works, not because I think there's something wrong with it! It sounds reasonable from the docs, but I haven't looked at the implementation.[2]
As I said in thread, that’s a weird response given the opening paragraph of the article:
> I’ve spent a lot of time trying to understand the attack surface of popular password managers. I think I’ve spent more time analyzing them than practically anybody else, and I think that qualifies me to have an opinion!
I mean, I think Tavis is qualified to have an opinion regardless. But just blanket ignoring a competitor’s solution that addresses all of the problems in the article, while claiming to have more familiarity with the space than practically anyone else... that doesn’t sit well with me.
1: https://twitter.com/colmmacc/status/1401336209746673666?s=21
2: https://twitter.com/taviso/status/1401373666328203264?s=21