Password Madness!
I can't take it anymore. Managing all the passwords required these days is making me crazy. I have been somewhat leery of cloud type storage given privacy concerns and such, but at this point I ne...
Forum Discussion
Though may have somewhat alluded to the subject, my preferred method still remains using the browser for most passwords. Specifically, Firefox while separately encrypting its profile folder containing the password database. Primarily as a defense against rootkill malware, notoriously difficult to detect.
The fact remains no matter how you store your passwords, you have to input them in some way. And this is where undetected malware can run havoc over your password credentials. They can be capture through keystrokes from both hardware or soft keyboards. Other methods using inline hardware capture, or firmware malware, and its pretty much game over. Which is one reason to never use an unfamiliar computer requiring the use of password credentials.
They can also be captured using copy and paste by most password utilities where malware takes control of the clipboard. And though cloud storage may protect your passwords from local exploits, it won't particularly protect your account credentials from being captured, which can lead to access to your passwords depending how they are protected.
In fact, from installing two popular keyloggers on my system to test security, I was able to gain access to passwords from all methods, except through the browser's built-in password database. Of course, this assumes that no vulnerability exists with the browser password system itself. Though browsers like Firefox tends to be aggressively updated with security patches. BTW, two of the highest rated AV software could not detect the presence or activities of these keyloggers on my system in real-time. An on-demand scan with Malwarebytes Free did.
Not surprisingly, some of the largest recent security breaches in the news, were initiated by the use of rootkit keyloggers to steal sensitive account credentials on an infected computer, providing an entry point for hackers to further exploit server vulnerabilities to do the real damage.
There are free keyboard encryption apps available, which I've confirmed do work, but only if they load ahead of malware. Otherwise, keylogger/capture malware can take control of the clipboard, rendering them useless.
Again, there is no foolproof method to protect the security of your password credentials.
The fact remains no matter how you store your passwords, you have to input them in some way. And this is where undetected malware can run havoc over your password credentials. They can be capture through keystrokes from both hardware or soft keyboards. Other methods using inline hardware capture, or firmware malware, and its pretty much game over. Which is one reason to never use an unfamiliar computer requiring the use of password credentials.
They can also be captured using copy and paste by most password utilities where malware takes control of the clipboard. And though cloud storage may protect your passwords from local exploits, it won't particularly protect your account credentials from being captured, which can lead to access to your passwords depending how they are protected.
In fact, from installing two popular keyloggers on my system to test security, I was able to gain access to passwords from all methods, except through the browser's built-in password database. Of course, this assumes that no vulnerability exists with the browser password system itself. Though browsers like Firefox tends to be aggressively updated with security patches. BTW, two of the highest rated AV software could not detect the presence or activities of these keyloggers on my system in real-time. An on-demand scan with Malwarebytes Free did.
Not surprisingly, some of the largest recent security breaches in the news, were initiated by the use of rootkit keyloggers to steal sensitive account credentials on an infected computer, providing an entry point for hackers to further exploit server vulnerabilities to do the real damage.
There are free keyboard encryption apps available, which I've confirmed do work, but only if they load ahead of malware. Otherwise, keylogger/capture malware can take control of the clipboard, rendering them useless.
Again, there is no foolproof method to protect the security of your password credentials.
