If a keylogger gets onto my computer somehow, can it simply snapshot my master password, thus rendering any security from using the password manager defunct?
I got into the habit of just remembering passwords or writing them down and choosing the option "Do not remember passwords" in whichever browser I use, because I've read that letting the browser remember passwords is a security risk. Then there is the flip side: the less you have to key in information, the less of a chance it's going to be logged by a keylogger? I am unsure. I'm no expert on such things, just someone who is trying to be mindful of good practices.
How safe is it to use the password manager
-
Jenerous
Re: How safe is it to use the password manager
I don't trust password managers, though they seem handy. But good old pen and paper still work all right for me.
-
dark_moon
Re: How safe is it to use the password manager
KeePass has features against keyloggers (even if, when your system is compromised, you have other problems than a keylogger): the paste feature and the Windows secure desktop.
Read more here: http://keepass.info/help/base/security.html
Also you can harden the whole database with the new KeePass format, Argon2: http://keepass.info/help/kb/kdbx_4.html#argon2
And KeePass has a valid audit: http://www.ghacks.net/2016/11/22/keepas ... ies-found/
Also KeePass is more secure than paper, because:
everyone can read the paper
the paper can get lost / the text can be gone
you have a lot more work with secure passwords = you choose insecure passwords on your paper
Re: How safe is it to use the password manager
If a keylogger gets onto your computer, any password can be snooped. Using the password manager may disclose the master password to the logger in that case, but without also transferring the password store to the attacker, nothing else will be logged (since the rest will be autofilled by the browser and therefore can't be keylogged). Manually typing passwords every time is therefore also a much greater risk if keyloggers are a concern. (So your off-system paper password book might not necessarily be a good idea when talking about keyloggers.)
The internal password manager also doesn't require any communication in the OS like the clipboard or DDE, so if logging software is monitoring that, it won't be possible to snoop on individual passwords (which is a potential risk for external password managers).
You can also harden Pale Moon's password storage by enabling FIPS mode, which adds extra security measures against recovering passwords from the password and certificate stores. For most people this is, however, overkill.
Ultimately, though, any password actively used on a compromised system should be considered unsafe. Prevent trojans and keyloggers
"Son, in life you do not fight battles because you expect to win, you fight them merely because they need to be fought." -- Snagglepuss


