Macworld Forums

Researcher: Chrome, Safari password managers need work

#1 User is offline   Macworld 

  • Story Poster
  • Group: MW Bot
  • Posts: 34,402
  • Joined: 30-November 07

Posted 15 December 2008 - 09:37 AM

Post your comments for Researcher: Chrome, Safari password managers need work here

#2 User is offline   jrevere 

  • Member
  • Group: Members
  • Posts: 54
  • Joined: 02-December 06

Posted 15 December 2008 - 10:07 AM

I'm using 1Password. According to the documentation it looks for an exact match on URL. I'd like to think it is pretty good but if anyone has had a different experience I'd surely like to know.

#3 User is offline   jpmhughes 

  • Veteran
  • Group: Members
  • Posts: 1,129
  • Joined: 15-June 01

Posted 15 December 2008 - 10:16 AM

I took the online test but I don't know how accurate it may be.
A couple of times a new e-mail message window opened up instead of taking me to a website i.e. "localhost".
Once a certificate warning opened up, I canceled but the test mentioned nothing about it.
So, eh. I guess it's really like anything else where the user just has to watch out what he or she is doing and be careful as to what sites you enter information at.
It's the simplicity vs. security quandary again.

#4 User is offline   dreyfus 

  • Member
  • Group: Macworld Insiders
  • Posts: 975
  • Joined: 05-January 06

Posted 15 December 2008 - 11:39 AM

I had to re-read the article several times, trying to make any sense out of it and I had to give up...
So the two "flaws" are:
- You can be fooled, if both hosts are on the same domain... big deal, which credit card company or bank has its account login on MySpace, Facebook or whatever? Sorry, this is bunk.
- The login page can redirect you to another domain? That is big news. Of course it can - on most dynamic Web pages the browser (or password manager) cannot even see where the submit action will take it, and even if it could - the next page might contain a redirect within the same domain and a third one will take you to xyz... this is not a browser security issue at all. If your bank or CC company has no control about what is hosted on their domain, there is no security. No difference at all if using Opera, Firefox, Safari or Lynx. Implementing any such functionality is pretty much impossible, as most institutes will e.g. host homebanking applications under a different subdomain than the main company page, which will contain login boxes for entering credentials. You would have to get all banks, etc. to redesign their sites for maximum security... not a browser issue at all. Would Chapin also want browsers to take care of man-in-the-middle attacks?! How?
Safari/Keychain and 1Password handle passwords perfectly well and as secure as possible, as long as the OS has not been modified by malware – so far there is none (cannot say anything about Chrome, as there is no OS X version yet). Actually, my German bank uses several different hosts for money transfers (seems to be a load balancing thing) and after login I am redirected to a host with available capacity. Neither Safari nor 1Password automatically fill in the password, if I have not used that very host on the same domain before – I have to manually go into the keychain and display my password to retrieve it. It can hardly be any safer.
I think Chapin follows the golden rule here: Mention Apple or Google and make yourself a name in no time, even if all you say is BS.
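
Added example, not part of any post in this thread and not the logic of Safari, Chrome or 1Password: a sketch of the two matching behaviours discussed above (exact-host versus same-domain matching, plus a separate check on the form's submit target). The policy names, the `naiveDomain` helper and the `example.com` hosts are assumptions made for the illustration.

```javascript
'use strict';
// Hypothetical autofill policies for illustration; not the logic of Safari,
// Chrome, 1Password or any other real product.

// Naive "registrable domain": the last two labels of the host. A real
// implementation would need the Public Suffix List (e.g. for example.co.uk).
function naiveDomain(host) {
  return host.split('.').slice(-2).join('.');
}

// Decide whether a saved credential may be filled into a login form.
//   savedUrl  - page URL recorded when the password was saved
//   pageUrl   - URL of the page now showing the form
//   actionUrl - the form's action attribute (may be relative)
//   policy    - 'exact-host' or 'same-domain' (names are assumptions)
function autofillDecision(savedUrl, pageUrl, actionUrl, policy) {
  const saved = new URL(savedUrl);
  const page = new URL(pageUrl);
  const action = new URL(actionUrl, pageUrl); // resolve relative actions

  if (page.protocol !== saved.protocol) {
    return { fill: false, reason: 'scheme differs from saved entry' };
  }
  const pageMatches = policy === 'exact-host'
    ? page.host === saved.host
    : naiveDomain(page.hostname) === naiveDomain(saved.hostname);
  if (!pageMatches) {
    return { fill: false, reason: 'page host does not match saved entry' };
  }
  // The submit target is checked separately from the page that hosts the form.
  if (naiveDomain(action.hostname) !== naiveDomain(saved.hostname)) {
    return { fill: false, reason: 'form submits to another domain' };
  }
  return { fill: true, reason: 'match' };
}

// Constructed sample cases (example.com / example.net hosts are placeholders).
const saved = 'https://login.example.com/signin';
const cases = [
  ['https://login.example.com/signin', '/session', 'exact-host'],
  ['https://pages.example.com/user/x', '/session', 'exact-host'],
  ['https://pages.example.com/user/x', '/session', 'same-domain'],
  ['https://login.example.com/signin', 'https://other.example.net/p', 'exact-host'],
];
for (const [page, action, policy] of cases) {
  const r = autofillDecision(saved, page, action, policy);
  console.log(policy.padEnd(11), page, '->', r.fill ? 'fill' : 'skip', `(${r.reason})`);
}
```

The submit-target check sees only the form's declared `action`; a redirect issued after submission is not visible to it.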

#5 User is offline   zetal 

  • Member
  • Group: Members
  • Posts: 62
  • Joined: 22-January 08

Posted 15 December 2008 - 12:05 PM

100% with dreyfus!
Safari Password is as safe as long as a user is browsing r-e-s-p-o-n-s-i-b-l-y.
The only websites where it's better to input the password manually are banks, PayPal and other money related.
For the rest Safari Password is PERFECTLY! SAFE!
