Good news, Bitwarden has fixed this issue so it's not longer vulnerable! github.com/bitwarden/clients/pull/4994
@kyn1xx Жыл бұрын
so its safe to have it enable??
@teachmecyber Жыл бұрын
Yes, it's safe to use now!
@kyn1xx Жыл бұрын
@@teachmecyber but the warning is still there...
@mr.boniato6402 Жыл бұрын
This is one of the great benefits of open source!.. there's a problem, someone will fix it!
@SummitMTB Жыл бұрын
I never use autofill anyway it doesn't work very well in the first place. Great video btw, lots of info condensed into a highly digestible video - love it thanks!
@teachmecyber Жыл бұрын
I've found your mileage can vary with auto fill depending on your setup and the password manager. It's gotten better but some apps or sites can be troublesome. Thanks for the feedback!
@manny7886 Жыл бұрын
I never use auto-fill because I only store my passwords partially. A little inconvenience to copy and paste my username and passwords + add the missing characters but it gave me a piece of mine. I'm not worried if BW got hacked, the hacker still don't have my complete passwords.
@teachmecyber Жыл бұрын
I've heard similar tactics from others as well. It's a pretty cool way to do it. You could still use autofill to make it a bit easier and then add your manual character at the end. It's a cool little hack!
@freewilly855711 ай бұрын
Partially storing your password and not auto filling is good advice if you use a password manager. This content creator is just advertising. His videos just explain how convenient it is to use password managers. There are always dangerous exposures if you store your passwords anywhere. The different password managers just have varying amounts of risk. Your practice of storing a partial password and adding something you remember is the best practice which ensures that your full password is never available anywhere.
@xileets5 ай бұрын
So It's like salting the data? Interesting. How much salt do you add? Is it a nonsense string? There is also always the possibility that a password is stored in a server as plain text instead of as the hashed value.
@manny78865 ай бұрын
@@xileets - It's up to you how many character(s) you want to add. In my case I add my driver license number.
@tuams Жыл бұрын
At least nothing crucial. Thank you for keeping us in the loop!
@teachmecyber Жыл бұрын
An edge case that hopefully stays minimal! Hopefully this gets Bitwarden to push a fix as well to close this out.
@Haik-to-the-o3 ай бұрын
Thank you for a great content !!!
@alejandroschab2764 Жыл бұрын
Which password manager do you recommend among these 4 in your free plan? I am between Bitwarden, Dashlane, Nordpass or Protonpass. thanks
@teachmecyber Жыл бұрын
I would go for Bitwarden or Dashlane. I value firms that focus on their key products.
@Tech-geeky Жыл бұрын
Don't go for Lastpass, like me.. I gather BitWarden doesn't have "monitoring of dark web" and other features you get with Lastpass Premium. but that would be "user chose to gave it up" type thing anyway before a attack happened.
@BooleanDev Жыл бұрын
bitwarden or KeePassX, dont use anything from Nord
@rinorbytyqi1439 Жыл бұрын
Hey is there maybe a plan for making a Q&A format?
@teachmecyber Жыл бұрын
What would you like to see for it?
@salmaniyafarooqui770311 ай бұрын
Heyy i need your help i broke my phone and lost all contacts and my master password as well for bitwarden how do i recover my bitwarden back
@teachmecyber11 ай бұрын
Check out this link. Your options might be limited here depending how you set it up. bitwarden.com/help/forgot-master-password/
@LouAnn10246 ай бұрын
Am I able to add an extension with my Safari browser?
@Demiarioch10 ай бұрын
Thanks for the edumucation anyway!
@teachmecyber10 ай бұрын
Always good to be aware of the risks!
@jakepthsd11 ай бұрын
Bitwarden a year ago didn't have that auto-fill or prompt-to-fill or select to fill feature ...that was why I went to another vendor! Not sure how much improvement Bitwarden has now ,,,but it seems to slack behind other vendor!
@teachmecyber11 ай бұрын
It's a bit like the Android vs Apple argument. Other password managers have a more streamlined interface and are easier to use but don't have as much customization, like Apple. Bitwarden isn't the best looking but it has most of the features and a lot more customization.
@xileets5 ай бұрын
EVERY bit of convenience other than memory in your brain is a *potential* security vulnerability. (Even your memory is a liability, for example, I'm presently working on developing security practices for older people who have memory issues.)
@drshepherd65675 ай бұрын
So just dont use the browser extension and youre good! Esay!
@Quizzical1064 ай бұрын
I don't get this. If I was on the proper website, it would not have a malicious on it. If I was on a fake site, it will not autofill.
@andriusbagdonavicius4686Ай бұрын
That's what I thought as well. I think having the autofill function is more beneficial than not as it prevents from phishing attacks since it won't autofill. Maybe someone could clarify this.
@jx5189 Жыл бұрын
So it is just when BW. autofill's on page load that is the problem? Once the page loads isn't the malicious still on the page what happens when I manually click autofill?
@teachmecyber Жыл бұрын
Well the good news is that Bitwarden fixed the flaw, so it won't happen automatically now when autofill is enabled. When you are using the manual autofill, BW will warn you if there is an untrusted that would get filled.
@craigmonty Жыл бұрын
@@teachmecyber So should we still disable auto-fill? Or is it ok to use now?
@عادل-خ5ت Жыл бұрын
@@teachmecyber please answer So should we still disable auto-fill? Or is it ok to use now?
@teachmecyber Жыл бұрын
All good to use now!
@tiagolima3241 Жыл бұрын
@@teachmecyber I from Brasil. Gostei do seu vídeo. Agora fiquei com medo de usar. Isso vale pra qqr navegador? Existe algum ajuste que não carregue esse ?
@deookello3825 Жыл бұрын
I guess it's not yet a life threatening procedure 😂
@teachmecyber Жыл бұрын
Thankfully this is a minor issue and one that has since been patched!
@fearless6947 Жыл бұрын
@@teachmecyber so now I don't need to check, if it's unchecked?
@teachmecyber Жыл бұрын
Correct, it will be off by default and Bitwarden fixed the underlying issue
@fearless6947 Жыл бұрын
@@teachmecyber thanks :) I appreciate your reply
@Tech-geeky Жыл бұрын
😆 Apple iFrame... Watch this space.... ..... Arn't all online password managers at "risk" then ? Lastpass has auto-fill has well, but as least we know now *why* its disabled by default. Since its disabled anyway, and the number of sites is 'low' for this risk, perhaps the option shouldn't be there at all. Stop that at its source. :) what would be the legit reason for this low risk exploit?
@teachmecyber Жыл бұрын
I see it as an oversight in the code. They didn't account for different s they could be sitting on the main web page. This has been fixed now thankfully!
@subscrypts Жыл бұрын
sweet!
@teachmecyber Жыл бұрын
Thanks for watching!
@thurm101 Жыл бұрын
I’ll just copy/paste.
@teachmecyber Жыл бұрын
That's a tried and true method. One benefit of the autofill (with user interaction) is that it can help you detect phishing sites. If you click on a link and it prompts for a login, your password manager will look for the URL. If it's not something it recognizes, there's no password to put in.
@Tech-geeky Жыл бұрын
I just drag'n'drop .... Doesn't go to clipboard that way