Slashdot Mirror


Safari and Chrome: Tied For the Worst Password Manager

Startled Hippo writes "Safari and Chrome are tied for the worst password manager built into a major Web browser, according to a new study on the issue produced by Chapin Information Services. One problem is that some password managers can be tricked into submitting different password credentials to different parts of the same Web site. The bug has been fixed in Firefox, but Chrome and Safari are still vulnerable to this kind of attack."

5 of 218 comments

  1. Never use password managers by thetoadwarrior · · Score: 4, Interesting

    If you can't remember your password then write it on paper and hide it. Putting it on your computer, especially your Windows PC, is asking for someone to take it.

    Even if they aren't in clear text the downside to using a password manager is everyone's passwords will be in the same place and in the same format. It's easy pickings.

    1. Re:Never use password managers by yttrstein · · Score: 4, Interesting

      First place a local black hat looks? Under keyboards. One of the things it's fun to do with new clients is to walk around their offices and grab every password-slip you can find. All the usual places -- under keyboards, in the desk drawer next to the pens, on the back of a monitor facing a cube wall.. And this one is my favorite:

      In a desk drawer but fastened to the underside of the desk surface. Very clever.

  2. Re:I Use A Mac... by Jugalator · · Score: 5, Interesting
    --
    Beware: In C++, your friends can see your privates!
  3. Re:I Use A Mac... by Shin-LaC · · Score: 1, Interesting

    If there are "several" such applications, doesn't that in fact mean that there is no single centralized password manager, like the (trollish) GP surmised? Or is it the case that, when you run a KDE application on a mainly-Gnome system, it gets passwords from the Gnome Keyring, and vice versa?

  4. Wordpress dashboard shows this flaw by yabos · · Score: 2, Interesting

    Anyone using Wordpress admin + Safari can see this for themselves. Embedded in the Wordpress admin "dashboard" is a frame with a wordpress.com source. This frame will show you statistics about your blog if you're logged in to wordpress.com. The problem is that in Safari, when you have auto fill turned on, it puts the login credentials from myblog.com (i.e. your own blog login credentials) into this form, which is hosted on wordpress.com.
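
The framed-form case described in the last comment, as an added example that is not part of the thread or any browser's code: an autofill check that keys saved credentials on the origin of the document that actually contains the form, next to a model of the flawed behaviour. The function names, the sample credential and the URL paths are constructed, and matching on the top-level page is an assumed mechanism for the behaviour the comment reports.

```javascript
// Constructed credential store: each entry is bound to the origin it was saved on.
const savedLogins = [
  { origin: "https://myblog.com", username: "admin", password: "constructed-secret" },
];

// Origin = scheme + host + port, the unit the same-origin policy compares.
function originOf(url) {
  return new URL(url).origin;
}

// Assumed model of the reported flaw: credentials are looked up by the
// top-level page, so any frame embedded in that page gets them too.
function flawedDecision(topUrl) {
  const entry = savedLogins.find((e) => e.origin === originOf(topUrl));
  return entry ? { fill: true, username: entry.username } : { fill: false };
}

// Hardened check (hypothetical):
//   frameUrl   - URL of the document that contains the form (the frame itself)
//   formAction - the form's action attribute, possibly relative to frameUrl
function autofillDecision(frameUrl, formAction) {
  const frameOrigin = originOf(frameUrl);
  const actionOrigin = originOf(new URL(formAction, frameUrl).href);

  // 1. Look up credentials by the frame's own origin, never the parent's.
  const entry = savedLogins.find((e) => e.origin === frameOrigin);
  if (!entry) {
    return { fill: false, reason: "no credentials saved for " + frameOrigin };
  }
  // 2. Refuse if the form would submit the credentials to another origin.
  if (actionOrigin !== entry.origin) {
    return { fill: false, reason: "form submits to " + actionOrigin };
  }
  return { fill: true, username: entry.username };
}

// The dashboard on myblog.com embeds a frame served from wordpress.com.
const top = "https://myblog.com/wp-admin/";
const frame = "https://wordpress.com/stats-frame"; // constructed path
console.log(flawedDecision(top));                 // fills the framed form
console.log(autofillDecision(frame, "/login"));   // refuses
```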