by nashashmi
1260 days ago
I need to start thinking more critically about my passwords being stored on MS Edge. Now! These vulnerabilities are adding so much more fear to life. I just got done neutralizing LastPass. And that took a while. I started that back in September.

I don't like the idea of consolidation. It's a bad security posture. People love to point out that "they" can secure your data better than you can, but always neglect to mention that a consolidated target has considerably more value. Credential theft results in compromised networks. If you host your own passwords, an attacker would have to start with access in order to steal credentials. If you put all your passwords on a 3rd party server that you can't audit, with millions of other passwords from millions of other customers, it's only a matter of time before they get leaked. In fact, it's almost guaranteed that it will leak, because the value of the prize is millions of times greater.
Why would I waste 3 months trying to hack one business to harvest credentials when I can spend 12 months hacking LastPass to get a million passwords? It's a simple cost/benefit calculation. And lazy administration to think anything different.
So go ahead, consolidate your whole business on infra you have no real authority over. The next major world conflict will result in 4 cloud providers being physically attacked with data centers destroyed and then you will be partly to blame when 90% of the free world's economy disappears overnight.