by 1cvmask
1795 days ago
It's great that he differentiates the two different types of "autofill" in the beginning, and regretfully later on refers to automatic autofill as autofill.

"Autofill can be 2 types: automatic autofill (autofilling a password without user interaction) and manual autofill (autofilling a password after some user interaction - clicking in the password manager's UI). In the following article, the term autofill always means automatic autofill."

When we designed the SaaS Paas password manager we opted for the manual autofill as it requires intent and thus mitigates against many of the highlighted attack vectors that come with "automatic autofill." In addition, the password manager extension has a session timeout and has no static master password (mitigating against replay attacks). You can only unlock the browser extension with passwordless MFA. The added advantage of this is that you can share your browser comfortably with others.

NB: worked on balancing usability and 2FA security.