It's about limiting the attack surface. If an attacker were to get access to your device, they could encrypt your files - I would agree. But they could also get your passwords as well - if stored in a browser.
@@collinsinfosec if attacker can get physical access or fully remote access(can control input/output) to computer then they could just export passwords to a file without need of any kind of scripts.
@@lokeshkoliparthi9268 If you are using a password manager the hacker would still have to keylog you master password, and would need access to your 2FA (which I really hope you are using), so the passwords are still safe.
Keyloggers. Never type on your keyboard, here's why. Limitation: Physical access. Spyware. Never speak into your microphone, here's why. Limitation: Physical access. Spyware. Never use the monitor to view your data, here's why. Limitation: Physical access.
Bad ideia. If you have been infected you cannot escape. It is even easier to read a word document, as you don't need to decrypt it, you don't need to use specific software.
Still, if he's using a password manager and notices that the machine has been for instance backdoored, he can simply format completely and reinstall the system, as long as he doesn't access his passwords from his password manager it's still safe, so it's still better than having it on the browser.
If you are afraid of using password managers.. consider using them but store partial passwords. What I mean by that is that you simply add or subtract a special sauce that only you know about. By doing so, credentials stored in a password manager will never be sufficient to login so they become useless for everyone else that might get a hold of them.
What Swedownhill means is, save the password that google password manager gives you (SAVE it). An example could be on your amazon account. Recreate a new password on your amazon account but, this time, use the same password and add words or letters to the password (this time do NOT save it in google password manager). Everytime you log in, just add an extra word to it.
@@fearless6947 Actually no, that's not what I meant. Here's a better example: Lets say you generate a password of abc123def456, where/how it was generated doesn't really matter. You can then choose to store that exact password in a password manager. If the vault were to be compromised then the hacker would have access to that password/service. However, if you generate the above password, store it in the vault and then add your own special sauce outside of the vault. Then you, and only you would have access to the actual password. To further elaborate on this idea, let's create a few examples: Generated password stored in vault: abc123def456 Always subtract 2 letters: abc123def4 Always add QZ to every password: abc123def456QZ Etc. If you generate another password: qwerty987, then the same logic would be to store that in the vault, and then the actual password would be either qwerty9 or qwerty987QZ depending on the special sauce that was chosen. Of course, you should come up with your own system. These are just for demo purposes.
I am not sure how much this would help. If you are using the same system for all your passwords (otherwise what's the point), at some point some crappy website leaks your password and hackers can see your 'sauce' you used for all your password. Essentially you can never really trust this 'sauce' since chances it will leak at some point if you use it for many websites.
On firefox, if you have remote or physical access to the machine, you can just go in the security settings to check the saved usernames and passwords... no need to use any script for that lol (dunno about chrome) Honestly, if you got someone with ill intention having access to your PC, you're fucked and that's it.
Exactly this. At least he started the video by saying you need 100% full control of the computer. Well yeah if you have that you can do much more stuff than just steal passwords for my browser. That's like saying don't leave your wallet on your kitchen table as you should lock it in the safe behind a picture in the wall, but that's because if someone ever gets 100% full access to your house either by key or breaking in they can steal all your information you have in your wallet. No duh.
Remembering your passwords is a worse idea than storing them in the browser. Anyone that can extract passwords from Chrome's storage can also log your keystrokes as you type the password in. Plus, relying on memory to store passwords leads to password reuse, which is a far bigger problem.
if you are connected to internet via Ethernet or WiFi doesn't matter that cause someone will connect to the network or more likely hacker will connect to your router and then hack all the devices connected to that particular router he will poison it and boom he will have all the thingssss lolx
It’s kinda hard to get direct access to a Linux machine these days lol. Also, half of these vulnerabilities have been patched, and continue to get patched.
If i have someone else windows password, i will simply open chrome, head to password and browser will ask the windows password again and will simply put it there as well and see/copy password. Using browsers to save password is not insecure but you have to be secure enough not to have anything let your pc or browser access it.
I don't know why, you just suggesting to use password manager. As mention kevin mitnick or edward snowden, I forgot who say that "you don't use password manager" its just pushed you to out from scure password and just collecting your password to be generic password
I learned it from the hard way. My accounts linked through google Password manager, including my Google account, got compromised by a phishing auto token grabber. I am also learning Security Awareness and all browsers create a specific encrypted file with ALL passwords with jumbled text. With that file, they can use a cracker to get every single email and password in just a click. It is absolutely unacceptable. You are best just making your own strong password and write it in a small journal/composition book.
I do know the basics of cryptography, but I am not well-versed in the area of how the algorithm actually works or was developed from the mathematical perspective (math probability, etc).
So, in conclusion, really, saving your passwords in your browser is fine just as long as you keep everything updated, and you keep your network and home OS secure from RATs exploiting backdoors.
Good question. I haven't personally used BitWarden. I would say yes. Best possible solution would probably be a local password management such as KeePass.
@@collinsinfosec Bitwarden also has a self hosted version and its code is visible for everyone to see and inspect as oppose to some other password mangers
Saying that it is easy to steal passwords from the browser is wrong in my opinion. I mean, probably the browser is not the best place, but it's not even the worst place. At the same time it's not that easy to have access to another person's computer in a real world scenario.
How are they going to get access to my machine. Also all my passwords are linked to a G-mail account that has a backup account in my service provider and also a phone contact so finding my password to IG or Tik Tok would be pretty temporary. I am a bit worried about when I do sign up for online banking as I don't believe banks are that bright generally and I'm a bit leary of PayPal too although they may be smarter than the bank in matters of IT and Security.
Okay... just so you know you can't tell this to anybody, the next video is going to be a crash course about the bash terminal and permissions in Linux for cybersecurity reasons.
@@collinsinfosec Exactly! You got one secret, your biggest goal that you want to accomplish is making the "dee boo dah" virus go viral and take over the world with the new ransomware technology you're secretly working on. Sorry, but you asked me for this so the world has to know now...
Dude if someone already has remote code execution you lost. This is kinda fumb, like even if you encrypt your passwords, you have to type your master password to decrypt, which if you system is compromised to this level, you lost as well.
Is it the same problem if you use your password manager as an extension in your browser? That seems to be the only solution for autofill, but I always wonder if it leaves your data clear out in the open after you've unlocked it.
Apparently if you store your passwords with Keepass 2, it has an autofill feature where you just tab into Keepas, press Paste (Ctrl + V) and it will autofill the username AND password for you on the webpage. I just found this out today. Might actually use it solely for this one, neat feature.
The average person WILL NOT have python installed. And as mentioned in the comments, having full access of target computer is a moot requirement for this test. Target already has issues.!
lol, this is just a bit overcomplicated process for a simple expected result. If an attacker has full access to the victim's PC, he can get the passwords stored in the browser in less than 5 secs. The best advice if you store passwords in the browser is to get the USB security key and enable 2FA requiring security key and store passwords only for the services that have 2FA enabled. Attackers can still have your passwords but can't do shit about it to get access as long as you have the security key. The rest of the passwords should go to your password vault like Keepass. Also, don't trust online password managers, instead use offline password managers like Keepass.
This type of attack can be used on any password manager. The solution here is to have a hardware password manager. There are a few out there but they are not that good for example, Ledger Trezor and Mooltipass Password Managers.
Can I save passwords in my Google account only? Not in any browser. I have to save passwords in my Google account only because I can't remember all passwords from all website. Can you give me possible way to solve that problem?
i didn't even stored my passwords in browser but because of malware they take away all login details of the accounts which i logged in the browser like insta,fb,youtube and google account...........even the 2 key factor authentication is on still they hacked my accounts
I disagree with your entire premise, and especially the title. Storing your passwords in the browser is 100x better than trying to remember them, since password reuse is a far worse risk. Lastpass or other software that allows you to set a master password may be slightly better, but malicious software can either keylog the master password or just extract it from memory. In short, there is no reliable way to keep passwords secure on an infected machine. You should focus your efforts on preventing infection in the first place.
I do understand where you are coming from. But I would have to disagree with this opinion. A password management solution is far better as I suggested at the end of the video. I do agree with your last statement.
A friend got hacked and the hacker sent me an exe that I foolishly opened. He got all of my chrome passwords. He must have used the project tool described here to get my chrome passwords. I checked for any suspicious incoming established connections and my anti virus/operating system is picking up nothing. Should I still be concerned after changing my passwords? I am using a VPN but I'm not sure if that did anything in this situation.
well I wrote a password encoder that encodes a json file into a wav file. All you can hear from it are bunch of beeps with a frequency of 8000 and 9000 Hz. I copied the wav file into all of my devices. Decoding it will be easy but no one could guess that lol.
You’re most likely fine to store your password in browsers as long as you don’t install or use software that are dubious. Like come on, the attacker would have to have control over your computer, that’s not easy unless you’re asking for it.
Yep that is correct. As hinted at in the limitations section, an attacker would need to have access to your machine. The demos were just a couple examples of how post-exploitation could happen in the real-world scenario
Hey what things can cause someone get access to control ur system ? Someone tried to log into my fb I’m sure they got the password from my pc bit idk how they keep getting access to it
That's way too work for getting pwd. You need to make sure user has Python installed (which is common in programmers computer only) and then you need to run that script. for that u need remote access and that's not a joke. If u get it you basically owns the device. U can even run a ransomware's attack much less a script to get pwd
eh, redundant no? i mean if someone has access to your pc can't they just dump cookies and bypass both the password and the 2fa since that cookie session is already authenticated?
Well, where else am I supposed to store them? Other services either are on the cloud which runs in the risk of losing everything if thst service dies or is not free, and paying for the access of your passwords suck. Tell me if there is a better FREE SECURE password manager than Ill chanfe my mind. Also, the only way this can happen is if someone stole my device. Thst isnt going to hapoen anytime soon. Even if so, Google has many ways to prevent compramise.
@@Servidor_Publico_do_Ancapistao Again, not free and worse than a browser insert seeing as I have to find rhe paper (if its burried somewhere) and type it letter by letter cause no automatic insertion and "********" (not everything has Shoe Passseord)
Hey! Browsers do encrypt the passwords when stored, but you can decrypt them as well if you had access to the machine. Hashing wouldn't be a viable use case here.
hahaha sorry but if you have full access you can directly do the hell lots of things in one go like ssh or list all the things in his own shell and then attack on it or download everything from it and can do more and more and more
![[UA] NAVI проти G2 Esports | Blast Premier Fall Final](http://i.ytimg.com/vi/QWlIm4FGESQ/mqdefault.jpg)
Limitations: Attacker must have full access 1:20
Dude! If attacker already has full access then you are already .....
I agree with that. If they have access of course they could do mostly anything
It's about limiting the attack surface. If an attacker were to get access to your device, they could encrypt your files - I would agree. But they could also get your passwords as well - if stored in a browser.
@@collinsinfosec if attacker can get physical access or fully remote access(can control input/output) to computer then they could just export passwords to a file without need of any kind of scripts.
@@lokeshkoliparthi9268 If you are using a password manager the hacker would still have to keylog you master password, and would need access to your 2FA (which I really hope you are using), so the passwords are still safe.
wow haha
Keyloggers. Never type on your keyboard, here's why. Limitation: Physical access.
Spyware. Never speak into your microphone, here's why. Limitation: Physical access.
Spyware. Never use the monitor to view your data, here's why. Limitation: Physical access.
Lmfao
Never use a computer Limitation physical access
Use your psychic connection to the internet like an expert of course.
Good thing I have my passwords on a word document.
even worse..
If it's inside a veracrypt vault
Bad ideia. If you have been infected you cannot escape. It is even easier to read a word document, as you don't need to decrypt it, you don't need to use specific software.
@EnergySandwich Maybe. I've met someone who backed up the file in the Windows recycle bin.
All fun and games till you get ratted and someone downloads that file
if someone has access to the device its already compromised or encrypt your device. this video is kind of misleading.
I agree
Yeah you are right.
Yeah!
clickbait right
Still, if he's using a password manager and notices that the machine has been for instance backdoored, he can simply format completely and reinstall the system, as long as he doesn't access his passwords from his password manager it's still safe, so it's still better than having it on the browser.
If you are afraid of using password managers.. consider using them but store partial passwords. What I mean by that is that you simply add or subtract a special sauce that only you know about. By doing so, credentials stored in a password manager will never be sufficient to login so they become useless for everyone else that might get a hold of them.
What Swedownhill means is, save the password that google password manager gives you (SAVE it). An example could be on your amazon account. Recreate a new password on your amazon account but, this time, use the same password and add words or letters to the password (this time do NOT save it in google password manager). Everytime you log in, just add an extra word to it.
@@fearless6947 Actually no, that's not what I meant. Here's a better example:
Lets say you generate a password of abc123def456, where/how it was generated doesn't really matter. You can then choose to store that exact password in a password manager. If the vault were to be compromised then the hacker would have access to that password/service. However, if you generate the above password, store it in the vault and then add your own special sauce outside of the vault. Then you, and only you would have access to the actual password. To further elaborate on this idea, let's create a few examples:
Generated password stored in vault: abc123def456
Always subtract 2 letters: abc123def4
Always add QZ to every password: abc123def456QZ
Etc.
If you generate another password: qwerty987, then the same logic would be to store that in the vault, and then the actual password would be either qwerty9 or qwerty987QZ depending on the special sauce that was chosen. Of course, you should come up with your own system. These are just for demo purposes.
I am not sure how much this would help. If you are using the same system for all your passwords (otherwise what's the point), at some point some crappy website leaks your password and hackers can see your 'sauce' you used for all your password. Essentially you can never really trust this 'sauce' since chances it will leak at some point if you use it for many websites.
@@SweDownhillNever thought of that, that's good!
@@4lpina His idea isn't addressing your situation you gave. In your example literally nothing would help protect your password.
On firefox, if you have remote or physical access to the machine, you can just go in the security settings to check the saved usernames and passwords... no need to use any script for that lol (dunno about chrome)
Honestly, if you got someone with ill intention having access to your PC, you're fucked and that's it.
Exactly this. At least he started the video by saying you need 100% full control of the computer. Well yeah if you have that you can do much more stuff than just steal passwords for my browser. That's like saying don't leave your wallet on your kitchen table as you should lock it in the safe behind a picture in the wall, but that's because if someone ever gets 100% full access to your house either by key or breaking in they can steal all your information you have in your wallet. No duh.
But, in firefox you can create master password to prevent it
Chrome too. Just use the same Windows password you used when physically hacking your computer and ready, all browser passwords will be shown.
but bro, python script and linux tools works automaticly and easy
On chrome you need to use the pc password to access the passwords
i audibly let out a sigh of frustration because i know youre right but im too lazy to put effort into remembering my passwords >:(
Convenience vs Security is always dilemma 😂 Sometimes you have to choose, sometimes you have to meet in the middle.
Remembering your passwords is a worse idea than storing them in the browser. Anyone that can extract passwords from Chrome's storage can also log your keystrokes as you type the password in. Plus, relying on memory to store passwords leads to password reuse, which is a far bigger problem.
Use Bitwarden
Use a password manager
@@dashy324
Yes + 2FA
Alternate title: How to get your parent’s Amazon password for Vbux
Bobux
Your content is advanced and refreshing. Very helpful. 👍
Hhhhhh good luck for a hacker to get a full remote control of my laptop
ikr
The laptop would be easier than a desktop to get full remote access to assuming you ever connect it to wifi
hhhh dahka mrokia
Even modern routers have firewall protection against modern attacks.
if you are connected to internet via Ethernet or WiFi doesn't matter that cause someone will connect to the network or more likely hacker will connect to your router and then hack all the devices connected to that particular router he will poison it and boom he will have all the thingssss lolx
It’s kinda hard to get direct access to a Linux machine these days lol. Also, half of these vulnerabilities have been patched, and continue to get patched.
If i have someone else windows password, i will simply open chrome, head to password and browser will ask the windows password again and will simply put it there as well and see/copy password. Using browsers to save password is not insecure but you have to be secure enough not to have anything let your pc or browser access it.
It's just the same as someone having the password to your password manger fam
This makes no sense. Attackers can also end emails from your account and gain access to your bank account... if they have access to your account.
I don't know why, you just suggesting to use password manager. As mention kevin mitnick or edward snowden, I forgot who say that "you don't use password manager" its just pushed you to out from scure password and just collecting your password to be generic password
Grant thank you. Your content is always excellent!!
I learned it from the hard way. My accounts linked through google Password manager, including my Google account, got compromised by a phishing auto token grabber. I am also learning Security Awareness and all browsers create a specific encrypted file with ALL passwords with jumbled text. With that file, they can use a cracker to get every single email and password in just a click. It is absolutely unacceptable. You are best just making your own strong password and write it in a small journal/composition book.
Time to time chrome has fixed the patch effectively , no need to worry about security issue its just info video
I know I asked this question before but do you know anything about cryptography? Just curious
I do know the basics of cryptography, but I am not well-versed in the area of how the algorithm actually works or was developed from the mathematical perspective (math probability, etc).
Use password managers! I recommend bitwarden
1. Close your remote access if not necessary.
2. Do not use unsafe public networks if your machine is remotely accessable.
Agree!
Lots of Tricks to fetch ur browser password
So, in conclusion, really, saving your passwords in your browser is fine just as long as you keep everything updated, and you keep your network and home OS secure from RATs exploiting backdoors.
Cool..Thats a great tip
Thanks man😅😅
currently using bitwarden with the chrome extension. Is the extension okay to use security wise?
Yeah, good question.
Good question. I haven't personally used BitWarden. I would say yes. Best possible solution would probably be a local password management such as KeePass.
@@collinsinfosec Bitwarden also has a self hosted version and its code is visible for everyone to see and inspect as oppose to some other password mangers
I have done this on the past :(
Saying that it is easy to steal passwords from the browser is wrong in my opinion. I mean, probably the browser is not the best place, but it's not even the worst place. At the same time it's not that easy to have access to another person's computer in a real world scenario.
Hi grant can you make a video on programming in security and if OOP is needed for security
After some here and there I am able to decrypt the password saved by chrome which is above chrome version 80.
How are they going to get access to my machine. Also all my passwords are linked to a G-mail account that has a backup account in my service provider and also a phone contact so finding my password to IG or Tik Tok would be pretty temporary. I am a bit worried about when I do sign up for online banking as I don't believe banks are that bright generally and I'm a bit leary of PayPal too although they may be smarter than the bank in matters of IT and Security.
I'm from the future, I've already seen the whole video.
What is going to be the next vid? 😂
Okay... just so you know you can't tell this to anybody, the next video is going to be a crash course about the bash terminal and permissions in Linux for cybersecurity reasons.
Incredible,I don't believe.
Can you guess what I am thinking... 🤔 (**cough dee boo dah **cough).
@@collinsinfosec Exactly! You got one secret, your biggest goal that you want to accomplish is making the "dee boo dah" virus go viral and take over the world with the new ransomware technology you're secretly working on. Sorry, but you asked me for this so the world has to know now...
You kinda remind me of Eddie Brock Jr. In Spider-Man 3 (2007)
U should save ur passwords in lastpass its the best
Dude if someone already has remote code execution you lost. This is kinda fumb, like even if you encrypt your passwords, you have to type your master password to decrypt, which if you system is compromised to this level, you lost as well.
Is it the same problem if you use your password manager as an extension in your browser? That seems to be the only solution for autofill, but I always wonder if it leaves your data clear out in the open after you've unlocked it.
Apparently if you store your passwords with Keepass 2, it has an autofill feature where you just tab into Keepas, press Paste (Ctrl + V) and it will autofill the username AND password for you on the webpage. I just found this out today. Might actually use it solely for this one, neat feature.
Meanwhile my mind thinking how to update the code to work on chrome ver 88
Great explaining.
Great video Thank you fro telling
The average person WILL NOT have python installed. And as mentioned in the comments, having full access of target computer is a moot requirement for this test. Target already has issues.!
lol, this is just a bit overcomplicated process for a simple expected result. If an attacker has full access to the victim's PC, he can get the passwords stored in the browser in less than 5 secs.
The best advice if you store passwords in the browser is to get the USB security key and enable 2FA requiring security key and store passwords only for the services that have 2FA enabled. Attackers can still have your passwords but can't do shit about it to get access as long as you have the security key. The rest of the passwords should go to your password vault like Keepass. Also, don't trust online password managers, instead use offline password managers like Keepass.
This type of attack can be used on any password manager. The solution here is to have a hardware password manager. There are a few out there but they are not that good for example, Ledger Trezor and Mooltipass Password Managers.
Google Patch this
(Locked Database)
Can I save passwords in my Google account only? Not in any browser. I have to save passwords in my Google account only because I can't remember all passwords from all website. Can you give me possible way to solve that problem?
Thank you thank you thank you, finally I convence my family to stopped this practice
i didn't even stored my passwords in browser but because of malware they take away all login details of the accounts which i logged in the browser like insta,fb,youtube and google account...........even the 2 key factor authentication is on still they hacked my accounts
I disagree with your entire premise, and especially the title. Storing your passwords in the browser is 100x better than trying to remember them, since password reuse is a far worse risk.
Lastpass or other software that allows you to set a master password may be slightly better, but malicious software can either keylog the master password or just extract it from memory. In short, there is no reliable way to keep passwords secure on an infected machine. You should focus your efforts on preventing infection in the first place.
I do understand where you are coming from. But I would have to disagree with this opinion. A password management solution is far better as I suggested at the end of the video. I do agree with your last statement.
isnt lazagne and the python blocked by most antivirus nowadays?
please
Can browser extensions steal saved passwords from the browser?
what is the need for noisy background music?
fairly certain that's why you set a master password in your browser
good thing i save my passwords in youtube comment sections
Thank god my password is written in my wallpaper
Bad thing is Lazagne does not work well on Windows
How safe would saving passwords in a .png file be? Just open it with notepad.
Good info but you could have left all the details out for hackers our there on all the tools to use and process to hack someone's password.
From the beginning i always store my passwords in a encrypted usb and the decryptor is sonewhere lol
What about pass? I mean pass
the standard unix password manager
How about Lockwise by Firefox?
A friend got hacked and the hacker sent me an exe that I foolishly opened. He got all of my chrome passwords. He must have used the project tool described here to get my chrome passwords. I checked for any suspicious incoming established connections and my anti virus/operating system is picking up nothing. Should I still be concerned after changing my passwords? I am using a VPN but I'm not sure if that did anything in this situation.
well I wrote a password encoder that encodes a json file into a wav file. All you can hear from it are bunch of beeps with a frequency of 8000 and 9000 Hz. I copied the wav file into all of my devices. Decoding it will be easy but no one could guess that lol.
Glad i have my own software for storing these
whoa teach me
and if using 2FA?
But is it applied to mobile devices also?
Your Awesome
You’re most likely fine to store your password in browsers as long as you don’t install or use software that are dubious. Like come on, the attacker would have to have control over your computer, that’s not easy unless you’re asking for it.
Yep that is correct. As hinted at in the limitations section, an attacker would need to have access to your machine. The demos were just a couple examples of how post-exploitation could happen in the real-world scenario
Thank you for new virus attack idea, i use python...
You must suck at it to think that this is a new idea XD
@@Kaos.117 i do suck XD, but actually i had a virus idea since i started the Pythin XD, how evil am i...
How about LastPass?
What about encryption by chrome?
Thanks
Did u edit this video in linux?
Is it safe to save in password managers like bitwarden,dashlane etc
Yes. Bitwarden encrypts end to end.
Hey what things can cause someone get access to control ur system ? Someone tried to log into my fb I’m sure they got the password from my pc bit idk how they keep getting access to it
Thanks man👍🏻
If the passwords are encrypted with SSL (now is more common) this will not work :)
mine saved at keep
I use bitwarden
I have passwords in encrypted vault on my phone
thanks
Do not save passwords in Google or any website logins
What if you just put your passwords on paper... 😐
That's way too work for getting pwd. You need to make sure user has Python installed (which is common in programmers computer only) and then you need to run that script. for that u need remote access and that's not a joke. If u get it you basically owns the device. U can even run a ransomware's attack much less a script to get pwd
USEFUL VIDEO
No. It's misleading
Hey bro i am getting virus attack from last 2 month which is crypto tab browser. This virus destroy my system many of time. Please help me
This is amazing! Thank you
can fond someone anther pc or laptop browser history
did you reported that as bug bounty to google ?
🤣
eh, redundant no? i mean if someone has access to your pc can't they just dump cookies and bypass both the password and the 2fa since that cookie session is already authenticated?
but nobody have python installed
Well, where else am I supposed to store them? Other services either are on the cloud which runs in the risk of losing everything if thst service dies or is not free, and paying for the access of your passwords suck. Tell me if there is a better FREE SECURE password manager than Ill chanfe my mind.
Also, the only way this can happen is if someone stole my device. Thst isnt going to hapoen anytime soon. Even if so, Google has many ways to prevent compramise.
Pen and Paper
@@Servidor_Publico_do_Ancapistao Again, not free and worse than a browser insert seeing as I have to find rhe paper (if its burried somewhere) and type it letter by letter cause no automatic insertion and "********" (not everything has Shoe Passseord)
Ya i stored password in chrome 🙃
I thought this would be a password manager ad
(Edit) Oh
Save in safari then
I love u
Even in your own pc?
If you want "optimal" security - I would say yes, even on a personal PC.
well i already never clicked the button cuz i have a other password manger
You can set a masterpassword in Firefox to prevent this. But at that point why not just install a proper password manager
A password manager is better but
Firefox is free
Nothing will work
Hackers are smarter
I know hackers hack the system and crack all the passwords
Thanks Grant !
Why aren't the browser hashing the passwords by default? What's the reason in your opinion?
Greets from Germany
Hashing passwords would render them useless here, since they have to provide the full original password to the website.
Hey! Browsers do encrypt the passwords when stored, but you can decrypt them as well if you had access to the machine. Hashing wouldn't be a viable use case here.
@@collinsinfosec thanks for the response.
Besides using for example LastPass, is there any other in built Browser solution in sight?
@@DiekiKondrael I'm sorry, I don't get it. Didn't the browser already send the full password? I mean, that's why you don't have to type it manually.
? Do you know sth?
hahaha sorry but if you have full access you can directly do the hell lots of things in one go like ssh or list all the things in his own shell and then attack on it or download everything from it and can do more and more and more
Nice
So that is why i lost my epic and steam account...
Hi sir.......😍😍😍😍
Nice.