[ Date Index ]
[ Thread Index ]
[ <= Previous by date /
thread ]
[ Next by date /
thread => ]
Re: [LUG] Possible browser security problem
- To: list@xxxxxxxxxxxxx
- Subject: Re: [LUG] Possible browser security problem
- From: comrade meowski <mr.meowski@xxxxxxxx>
- Date: Thu, 16 Jul 2020 17:03:36 +0100
- Arc-authentication-results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=TfhVQK5D/h41vIhaM9N9jXZmetzsbhDxGIlfSom1A6I=; b=d6jjhg6Tpa7vSIoGMc1RVmEznnRGYbpssjlJm3z9E1oIlZFiR8B72CV/+nuGsTliyDFN4IuqZQDhnbsHLQhm2oXU5HHMlOoj3OxRlM1KE7n7F0FEP5P7hPblJGYk3PQc1kLhhpP4a2UJPWVZxJvEraA9YBoiKTxL1GAthTyb3P0knPPUn8gHoEp3Q9gnDGv691uajVP/GemoycZ+aOH7w4dRB0b0k4YCoyWNrOOAlSTR7jUxuam9pDxLWOOvRA7GMH+xOgnPHqnO8qw9kSlS0v+3q6mfgLhFGNCUnVb5GEtYnzHu6185+PzykRd8f4nYN5faY9BKNcNUZnF5IpfknA==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=F71pdts6IZu+2287PcKAeijh28PH5NKrieizW6gImHPpJn4KHbhdVcLxxiGcXVGCoQE/w6+hF2katV4KWtbQbGz2Tj8vhvQYJk3I5OpwQMF4cyIZzcpDgSofkUd4dtcWdEYHnEsiMOJUqkz0cwNOL94WYMFgC5EBD8MbjMgj0S3NUY1tHkWykYXIdSg1/px89LnYEk0Y1XQu08bbVecAcUfrF+o0c0onjxYGIOpiZgywvWEVjDIo1pbVvz8H5okng8e6YQ1xaBWaVH1Jyl2D3gGKWb2+wMELb73b3d6B2DA5vxZAldvzfObUKrDxmQNTdqotIc1oUDQvbN4EkQjDBQ==
- Content-language: en-GB
- Delivered-to: dclug@xxxxxxxxxxxxxxxxxxxxx
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=dcglug.org.uk; s=1586423162; h=Sender:Content-Type: Content-Transfer-Encoding:Reply-To:List-Subscribe:List-Help:List-Post: List-Unsubscribe:List-Id:Subject:MIME-Version:In-Reply-To:Date:Message-ID: From:References:To:Cc:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner:List-Archive; bh=GrXtPUj5Wd5po9aWPVQKF+pcGkXYO38JmIZHp0H9+cI=; b=gerfx7IHDtiKSTSoYxCoEi0IX pSRnqUBNWVhsSsUq43hq36KqUI1FdFmGqeUbHN6OxhGXlxVGyHVccJmEUmellKuvj9wrFMYPHdIam d+YPWHIkJUmyK2eneAuLB0JOKZ5A473D/XmHn9UYm03AjFUulDqoOOSjEuo86pQxJ55SQ=;
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=live.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=TfhVQK5D/h41vIhaM9N9jXZmetzsbhDxGIlfSom1A6I=; b=tcPOW7Lvsb6u28bPtOdWG8kk+/d3PoDYg56Mr+igKn+qlyh3O/GnJKj0bKKFqY6rYATXDy/LsdLYzk8zCWFYlHLpWhjTrQFgd8SZK3yXyOJPrydTFQ+NVbR92wSnYcO1cvYfqn6xkatLpRE/cCG/HSR31AG23vih8grwN/wV9C4TLhimpq6k+OELxSrpreXsD7hHzhqwwEERyPnL63JO9460hpFI6GOgveXEg4O0FcEEolhq57L9c8mEkwrvYRrE9y00neVxmO/Uvythr+HIYr7mS6HHOnB3CvkP3bfzQMYk5k7tNYOMAyr9qJFa44XwU2Fi6oVmrVD9vZWj43WG/Q==
On 16/07/2020 16:08, Simon Waters wrote:
Many password managers don't routinely use the paste buffer for precisely this
sort of reason.
If you are routinely sticking passwords in the paste buffer consider a better
password manager that fills the passwords in for youIf you have to paste you
can still be phished, which defeats most of the win, as human error still
lurks at the heart of the login steps.
You're right of course and these days password managers are much more
sophisticated. I just checked a couple of mine and indeed they no longer
just lazily use the copy/paste buffer to shunt credentials to the
browser. They probably stopped doing that years ago now and I never
noticed!
They do generally have a "clear clipboard" timeout option though, which
on reflection must be for those rare occasions where they _do_ use the
copy/paste buffer for legitimate operations: I guess an example would be
when you use the generate password function and want to immediately
paste the result into a web page during sign up.
Looks like I was being a bit too paranoid so it's always nice to find
something I can actually relax a bit on. One that _I_ can file under
"don't worry about it" as it turns out :]
--
The Mailing List for the Devon & Cornwall LUG
https://mailman.dcglug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq
