A note on Apple Keychain

For many years, I used Apple Keychain and absolutely loved it.

For the uninitiated, Keychain is Apple’s own form of password management.

I can only offer so much advice on what platform that might be, and I will freely admit that I simply cannot be bothered to sit down and try every password manager out there; I’d rather eat my own hair.

But I do have my own favourite, and it has changed the game for me, big time.

The solution to this is simple: choose the option that makes you feel the most comfortable. You have a choice – and this particular choice is about as personal as it gets, given the nature of the data being stored. This is why the world is such a wonderful place. There are also a bunch of open-source, free-to-use password managers (from which the majority of the Password Massive appears to emanate). Let me confirm this once and for all: there are many, many options for password management out there, which range from keeping everything in your head to widely-used, privately-owned and VC-funded platforms.

They’ll accuse you of misinforming your audience or tell you to “take down this video and remake it with the correct information” (I kid you not) if you fail to mention their favourite password manager. They’ll have their favourite method of securing all of their digital stuff, and they’ll politely let you know about it. But, good lord, are there some staunch fans out there of particular platforms. It isn’t, after all, the sexiest of topics.

There’s the obvious, too: Apple versus Android, Apple versus Microsoft, Apple versus Linux (do not mispronounce the latter, please). Trust me – if you ever get into this content creation game and choose the tech niche, get ready to encounter The Headphone Massive if you dare provide a favourable opinion on one particular brand. There are several topics for which I create content that bring out the most depressingly miserable comments from people who can’t see past their own noses.
Last year, I changed tack with my password management, and it made a massive difference to everything I do. If you’re not using one, you’re wasting an immeasurable amount of time and leaving the back door open for cybercriminals. Throw in two-factor authentication and what often feels like needless login requests (hello, Adobe Reader), and it’s a bit of a ‘hot mess’, as they say on the internet. Which would be fine, if we weren’t asked to devise different combinations of letters, numbers, and special characters for every single point of access.

We are also monitoring the request to reject/dispute this CVE on the grounds it is not actually a vulnerability in our software.

Remember when passwords were an absolute pain in the backside? Maybe they still are for you, in which case, I’d urge you to read on.

Despite this, there’s no getting away from the fact that we all need a multitude of passwords to get stuff done these days.

In addition, having lost control of your computer in this manner would mean the attacker could execute any number of security compromises against your KeePassXC database, regardless of requiring credentials prior to export or credential change.

At this time, we are not planning any drastic changes to the program to address this submission.

Where this is true, there are numerous barriers to actually executing this attack sequence. The root of the argument submitted by the CVE author is that an attacker with unfettered access to an already unlocked database could export or change the password without requiring the original credentials. Additional information can be found in the discussion on GitHub. As the developers of KeePassXC, we do not consider the issue a vulnerability and have filed a request for the CVE to be rejected. On Jan alleged KeePassXC vulnerability with the identifier CVE-2023-35866 was posted against KeePassXC versions up to 2.7.5.