some people are going to sacrifice safety for convenience.
What the Experts Say About Browser Password Managers
Browser Password Managers Are Convenient But Dangerous
Bottom Line, Get a Real Password Manager
Google Password Manager doesn’t use the zero-knowledge encryption techniques that protect password data from everyone, including the password manager company. It doesn’t even use a master password.
https://mashable.com/article/google-chrome-manage-passwords-bad-idea-privacy-leaks
also Chrome is rolling out biometric authentication for computers that have that function
if you aren't seeing it in the settings you can enable this flag to get it
chrome://flags/#biometric-authentication-in-settings.
This is almost identical to the experience on Android phones and tablets when accessing saved passwords via Chrome or under Settings -> Passwords & accounts -> Google.
@ecksmc My recommendation would be BitWarden. I started with LastPass and I'm still with them mostly because I don't want to change and I understand their security model.
Yes, they were hacked but their security model wasn't broken. It held. Beautifully. The hackers used side channel attacks to gain access. The story isn't over either but I've already changed all of the important passwords that were stolen.
Also, set up 2FA on the most important: all financial, identity, and email accounts.
@danielbsmith yeah Bitwarden is a good choice - I switched to another PW manager though
they had an audit done recently also
https://counter.social/@ecksmc/109958631627504415
some issues were found but weren't classed as severe
Three of the four issues that the security researchers discovered during the audit have been addressed, the fourth is under investigation
any service that offers 2FA you should use not just important stuff 😉
@ecksmc True about 2FA but I just don't like the extra hassle. If they really want to hack any of a thousand accounts I've had to make for access to a site (not sites I actively use to post content to) then they can knock themselves out.
and if you really need to use Google's password manager make sure your data is encrypted
via Google >> sync and Google services << setting