In reply to <a href="https://www.maketecheasier.com/protect-password-managers-dom-clickjacking-attack/#comment-131937">Karrar Haider</a>. "saving them anywhere else has the same risk as saving them in password managers" That is why I do not use a PM. I keep the list of my passwords on paper. (Oh the horror!) Unless one is in a corporate environment or at a location where there are multiple computers, the danger of somebody getting at least a look at a hardcopy password list is greatly overblown. To get at my password list, a bad actor would have to: 1) physically break into my house; 2) find my computer; 3) know that I keep a hardcopy list; 4) search through all my books, notebooks and stacks of paper to find the list. Only to find very little information of any use. After wasting so much time, the hacker would be in custody for "breaking & entry" or was introduced to Smith & Wesson brothers. Hackers and other miscreants like to do their dirty work in the quiet and solitude of their basement and at their leisure. They do not do well under time constraints...
I'm also leery of this method because I have to upload something to a site. Definite security risk...
As is usual with Linux, somebody re-invented the wheel again...
In reply to <a href="https://www.maketecheasier.com/protect-password-managers-dom-clickjacking-attack/#comment-131931">Steve_K</a>. This article proves how useless, if not dangerous, Password Managers can be. On the one hand they are supposed to make logons easier and quicker but on the other hand, if the PM is compromised, we have to go through all kinds of gymnastics and log on manually after all...
In reply to <a href="https://www.maketecheasier.com/protect-password-managers-dom-clickjacking-attack/#comment-131931">Steve_K</a>. True, if someone gains access to your password manager, you are done. However, that's one downside of password managers, which is why they usually have the latest security measures to prevent that. Aside from this downside, password managers are necessary to follow the basic security advice of "Use strong and unique passwords for each account". It's almost impossible to have strong and long unique passwords for each account and memorize them (saving them anywhere else has the same risk as saving them in password managers). If someone is using the same password for all accounts, they are already putting all their eggs in the same basket...
In reply to <a href="https://www.maketecheasier.com/protect-password-managers-dom-clickjacking-attack/#comment-131930">John</a>. Here's the full list: RoboForm, Keeper, NordPass, ProtonPass, Dashlane, Enpass, LastPass, LogMeOnce, KeePassXC-Browser, Bitwarden, 1Password. A bunch of them have provided a fix in the latest patch (mainly a confirmation prompt), like Bitwarden, 1Password, Dashlane, etc...
Comment on Top Password Managers at Risk of DOM-Clickjacking Attack – How to Protect Yourself by Dan
Glad you deigned to reveal to us what DOM stands for. I hate initials and if you had not revealed the meaning of the 3 letters I was going to unsubscribe. I hate bad journalism too. Good journey...