All Questions

1 vote
1 answer
278 views

What are the risks of reusing the same passphrase for FDE, user account, and password manager?

Consider a home user who runs Linux on a laptop with full-disk encryption and uses a cloud-based password manager. Assume the laptop is firewall-protected with no SSH access. It seems reasonable to ...
jth
  • 123
2 votes
1 answer
1k views

Bitwarden and gamecontrollerd on OsX Big Sur

Recently, I came across an issue concerning a daemon named gamecontrollerd in OsX Big Sur. On my laptop I'm running ReiKey (from Objective-See), which aims at identifying possible Key Loggers that ...
FancyPants
0 votes
2 answers
515 views

iCloud Security Concern: browser session authentication storage after 2-factor?

Does anyone know how Safari or Chrome stores a www.icloud.com session authentication after logging in and passing 2-factor authentication? Is it stored in an encrypted cookie? My concern is, if ...
Nick
  • 279
0 votes
1 answer
549 views

Are auto-type features of password managers actually effective against keyloggers?

Of course if you think of a "keylogger" as a program that can only read keystrokes, then copy-pasting on the clipboard is going to be enough. But we know that keyloggers are not really only "logging ...
reed
  • 15.8k
5 votes
3 answers
1k views

Keyboard vs clipboard password manager threat models

A password manager (like KeePass) offers you the option to copy and paste your password (the clipboard is cleared after pasting/timeout) or to emulate a keyboard and "type" the password for the user. ...
lanterlog
1 vote
2 answers
715 views

Password manager: master password or not?

I use several browsers for several reasons (surfing, downloading files, logging into accounts...) but I prefer Chrome for doing "risky" things like browsing websites which I don't know whether they ...
franz1
  • 481
3 votes
2 answers
8k views

Does the use of an on-screen keyboard give a false sense of security or protect against all types of keyloggers? [duplicate]

Does the use of an on-screen keyboard (OSK) give a false sense of security? For example when people use the OSK in an attempt to prevent key-loggers from logging information like passwords, typed on ...
Bob Ortiz
  • 6,715
3 votes
1 answer
427 views

Protecting against specialized Keepass attacks

If you look at the KeePass security information, it says: However in all the questions above we're assuming that there's a spyware program running on the system that's specialized on attacking ...
Thomas Weller
5 votes
2 answers
8k views

staying not signed in: is it the safest procedure?

Each time I do connect to a private or public network I log into websites by keeping the option "stay signed in" or "keep me signed in" unselected, so I have to re-type my username and password as ...
franz1
  • 481
2 votes
1 answer
611 views

Is drag-and-drop safer than using the clipboard when it comes to protecting sensitive data from keyloggers?

I noticed that multiple password-locker applications recommend that you use the drag-and-drop feature to transfer passwords to login forms instead of copying the passwords to the clipboard or having ...
hugomg
  • 121
0 votes
3 answers
525 views

Why are keyloggers a problem for password managers?

Reading the API definition of SetWindowsHookEx, I see Calling the CallNextHookEx function to chain to the next hook procedure is optional, but it is highly recommended; otherwise, other ...
Thomas Weller
1 vote
2 answers
2k views

Unregistering keyboard hooks by timeout expiration

I'm writing a password manager for Windows which I want to protect against keyloggers. There is a timeout of 5000 ms for keyboard hooks. The hook procedure should process a message in less time than ...
Thomas Weller
0 votes
0 answers
305 views

Secure password transfer from stdout to another window

I am currently trying to build a little, secure password manager. As of now, I've implemented the encryption. Each website has its own file and each file has a number of fields (Most commonly username ...
dzervas
  • 332