(github.com)

95 points thunderbong | 2 comments | 22 Oct 24 04:23 UTC | HN request time: 0.406s | source

Show context

reddalo ◴[22 Oct 24 07:20 UTC] No.41911976[source]▶

>>41911176 (OP) #

Is it even safe to use browser-integrated password managers? I think they're so much easier to use than external solutions such as KeepassXC, but if it's so easy to decrypt their databases...

replies(5): >>41912021 #>>41912023 #>>41912226 #>>41912321 #>>41913160 #

1. sureIy ◴[22 Oct 24 08:07 UTC] No.41912226[source]▶

>>41911976 #

Safari's absolutely. It uses a OS-wide keychain secured via hardware.

replies(1): >>41913007 #

2. larschdk ◴[22 Oct 24 10:45 UTC] No.41913007[source]▶

>>41912226 (TP) #

Does this prevent other software running on the same hardware from accessing the keychain?

E.g. on Windows, any program can access the entirety of the credential store for the current user.

↑

Firefox-Passwords-Decryptor: Extracts and decrypts passwords saved in Firefox