by Micaiah_Chang 4308 days ago
I'm currently having a failure of imagination here, but how would you social engineer a password manager?

The tricks I'm thinking of involve fooling the user into thinking a site is something it's not or guessing some sort of personal information. But with a separate application the former seems unlikely and the latter is stopped if you use a scheme such as diceware (https://en.wikipedia.org/wiki/Diceware). I understand that naive, theoretical musings on security are no match for experience, so how would you break that setup?

1 comments

By getting the user to give me control of it, same as if the user was moving everything to a new computer. You don't have to do this via a website; you use a website to create a problem and then make yourself available to fix it.

Not that I'm into this sort of thing, but I've had a few people attempt to co-opt me into criminal activity in the past so I wouldn't be at all surprised to read about such attacks.