(github.com)

110 points thunderbong | 1 comments | 22 Oct 24 04:23 UTC | HN request time: 0.202s | source

Show context

reddalo ◴[22 Oct 24 07:20 UTC] No.41911976[source]▶

>>41911176 (OP) #

Is it even safe to use browser-integrated password managers? I think they're so much easier to use than external solutions such as KeepassXC, but if it's so easy to decrypt their databases...

replies(5): >>41912021 #>>41912023 #>>41912226 #>>41912321 #>>41913160 #

sureIy ◴[22 Oct 24 08:07 UTC] No.41912226[source]▶

>>41911976 #

Safari's absolutely. It uses a OS-wide keychain secured via hardware.

replies(2): >>41913007 #>>41917232 #

1. NotPractical ◴[22 Oct 24 18:30 UTC] No.41917232[source]▶

>>41912226 #

Chrome uses it too. However the CDP protocol allows any local app to control the browser so you can use that to open the browser in windowless mode, examine the list of passwords at chrome://passwords, then open a bunch of tabs to all of those sites and extract the passwords from the HTML forms they get auto-inserted into.

↑

Firefox-Passwords-Decryptor: Extracts and decrypts passwords saved in Firefox