A Plea For Websites To Stop Blocking Password Managers
An anonymous reader writes: Password managers aren't a security panacea, but experts widely agree that it's better to use one than to have weak (but easy-to-remember) passwords. Just this week, they were listed as a tool non-experts don't use as much as experts do. I use one, and a pet peeve of mine is when a website specifically (or through bad design) interferes with the copying and pasting of a password. Thus, I appreciated this rant about it in Wired: "It's unacceptable that in an age where our lives are increasingly being played out online, and are sometimes only protected by a password, some sites deliberately stop their users from being as secure as possible, for no really justifiable reason."
Blizzard's Battle.net does this. Or at least used to, I haven't checked recently. I did contact them about it and they just scoffed it off as a "security measure."
My server logs disagree with your assumptions. Fail2ban is running constant blocks on botnets trying to guess passwords on SSH, FTP, SASL and websites, and this goes for my day job, my personal server and my evening contracts.
A password BOOK doesn't even need to be cracked, so it's not a solution to that problem - it's got the same problems as before PLUS it's not secured at all.
It's locked into my house. If someone breaks into my house I worry more about my immediate safety than someone logging into my Facebook account.
If they got access to my physical password book they have already gotten access to my wallet with my credit card and ID.
Oh, and they probably found my passport too.
And my passwords aren't written in a way that is legible. I don't write the address, login and password together, and the password is usually a reference to a password well known to me, with a modifier.
Not by default it can't.
True, there are potentially bugs in implementation or bad configurations that allow scripts to read the external clipboard, but the same argument could be made against password managers. Poor security / configuration of the browser could allow scripts to read the password provided by the password manager.