
SQLAndy

I'm Andy Warren, currently a SQL Server trainer with End to End Training. Over the past few years I've been a developer, DBA, and IT Director. I was one of the original founders of SQLServerCentral.com and helped grow that community from zero to about 300k members before deciding to move on to other ventures.

More on Password Managers

Last week I posted about reviewing passwords and mentioned using a password manager as part of that effort. DaniSQL noted in a comment a whitepaper about some browser vulnerabilities that can impact password managers – http://isecpartners.github.io/whitepapers/passwords/2013/11/05/Browser-Extension-Password-Managers.html. It’s a quick read, and as always when we talk about security, it often seems like nothing can be easy. A big point in the paper is that autofill can work against you – hidden fields on the page, for example. Independent passwords per site help reduce the pain if you get hacked, and so would two-factor authentication, but that isn’t the same as not getting hacked. Autofill is a huge convenience though. The manager I use allows me to set that option per site, so I’ll try to only use it where either the possible pain is almost nothing or I’m trusting the site to get it right every time (my bank?).

Knowing the risks is good. I still think the pros of a password manager used responsibly far outweigh the risks.
