Disclosing six security issues today. Most of these aren't terribly important but demonstrate lack of attention to security-relevant details.

@WPalant Have you had any of the password managers cry foul when you disclose vulnerabilities, on account of your work on PfP?

Curious if they feel like you’re sort of “playing both sides”, or if it makes them feel more comfortable that you’re familiar with the needs of their product.

@nbering They probably would have if PfP had a million users or so. But it has a few hundred so they won't bother. And it's not a commercial project either, I'm not benefiting from it in any way (other than having a product I can use myself that is).

On the other hand, my work on PfP is indeed the reason why I understand the challenges involved and can identify the issues.

@nbering Actually, I think that 1Password devs have considerable insight into the shortcomings of their competition but are holding back for the exact reason you mentioned. 😀
