114
Password manager by Amazon (lemmy.world)
submitted 2 weeks ago by kokesh@lemmy.world to c/technology@lemmy.world
103 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[-] vk6flab@lemmy.radio 35 points 2 weeks ago

Here's the thing .. as crazy as a notebook with passwords sounds, it's not accessible to someone across the internet.

[-] 6nk06@sh.itjust.works 11 points 2 weeks ago

Password managers check the URL before giving its data. A human being can be fooled into giving it to a fake web site.

[-] MentalEdge@sopuli.xyz 9 points 2 weeks ago* (last edited 2 weeks ago)

TBF, they can be fooled too.

Bitwarden warns against using autofill on load for that very reason, as then simply loading a malicious page might cause it to provide passwords to such a site.

And then, a human when a site doesn't autofill, is more likely to just go "huh, weird" and do it manually.

[-] Darkassassin07@lemmy.ca 2 points 2 weeks ago* (last edited 2 weeks ago)

You've always got the human element, bypassing security features; but extra little hurdles like a password manager refusing to autofill an unknown url is at least one more opportunity for the user to recognize that something's wrong and back away.

If you're already used to manually typing in the auth details, you may not even notice you're not on the site you were expecting.

[-] lmmarsano@lemmynsfw.com 1 points 2 weeks ago

they can be fooled too.

Makes it harder: when I go to the wrong website, the manager simply doesn't suggest credentials (it does not have) for it. That causes me to wonder why.

Without a password manager, a user is never prompted to wonder. They'd simply not notice.

[-] Serinus@lemmy.world 0 points 2 weeks ago

Wait, what? How does autofill get fooled?

[-] gaylord_fartmaster@lemmy.world -2 points 2 weeks ago

Someone manages to maliciously sneak username and password fields onto a site that store what is entered as soon as it's typed. They don't even have to be visible to the user and bitwarden will fill them in as soon as the page loads.

[-] Serinus@lemmy.world 3 points 2 weeks ago

Bitwarden will only autofill if the domain matches.

[-] gaylord_fartmaster@lemmy.world 1 points 2 weeks ago

Right, "maliciously sneak", as in they've either gained access to make changes to the site ditectly, or they've found a way to inject their scripts to steal creds.

[-] Serinus@lemmy.world 2 points 2 weeks ago* (last edited 2 weeks ago)

And how is that any different from not having a password manager?

Yes, if someone hijacks a domain they can get credentials intended for that domain. A password manager doesn't make a huge difference here, because why would they make the site look any different than normal?

[-] gaylord_fartmaster@lemmy.world -1 points 2 weeks ago

They don't even have to be visible to the user and bitwarden will fill them in as soon as the page loads.

I guess you didn't read most of the comment.

[-] Cocodapuf@lemmy.world 2 points 2 weeks ago* (last edited 2 weeks ago)

No, he did, here's where the confusion is.

Serinus is asking if the site in question needs to be compromised. In other words, can the attacker compromise a random site to fool your password manager into entering credentials for Gmail.com, or does the attacker have to compromise Gmail.com to do that?

Because those two attacks are very different levels of complexity.

And frankly, if someone compromises the site you're actually trying to visit, there's simply no defense against that at all.

[-] A_norny_mousse@feddit.org 1 points 2 weeks ago

It depends on what the user fills it with.

Even the objectively safest solutions will be much shorter, and have less entropy, than what a pw-manager can deal with.

[-] BlackPenguins@lemmy.world 0 points 2 weeks ago

Just maybe don't plaster "THESE ARE MY SECRETS" on the cover. Security through obscurity.

[-] Cocodapuf@lemmy.world 1 points 2 weeks ago* (last edited 2 weeks ago)

My mom had a nice little notebook for passwords. But when she passed, we couldn't find it anywhere... We went through the whole apartment, everything.

Not having her passwords made a lot of things harder, closing her accounts, accessing her laptop, phone, etc. So while you shouldn't advertise it, do tell a few people where to find it if they need to.

[-] vext01@lemmy.sdf.org 0 points 2 weeks ago* (last edited 2 weeks ago)

Yeah, It's actually quite a secure way to store passwords, since it requires physical access.

I knew a guy who had a drawer full of slips of paper with passwords written on. He called it the "security drawer". Made me smile, but probably shouldn't have been advertising it.

[-] lars@lemmy.sdf.org 2 points 2 weeks ago

Oh I know him. What a weirdo. Fun guy tho. Did he move what’s his new address anyway?

this post was submitted on 19 Jul 2025
114 points (91.3% liked)

Technology

73570 readers
1416 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
L4s@hackingne.ws