by judge2020
1505 days ago
> I need to trust the hardware.

With your password manager, you're trusting a lot more: the software of the OS and kernel, the software of the browser and its dependencies, the software of your password generator and your password storage. You also have to hope the developers and administrators of the website you're signing in to aren't storing your passwords in plain text (and I don't just mean in the database - overly-aggressive APM/logging might be storing POST request data in a log stream somewhere). The only attack that's an issue for both passwords and security key-based sign-in is targeted attacks against a website, where they use your browser to execute malicious API calls to the website after you've signed in regularly.