Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

A good start would be doing what Microsoft already does for Edge's Password Manager. It separately encrypts the database with the user's creds and triggers a prompt for them when the feature is accessed. It doesn't solve all the attack vectors but it would be a good start.

https://learn.microsoft.com/en-us/deployedge/microsoft-edge-...

With Edge specifically its not really clear to me when the prompt is required but its at least sometimes as you can see here:

https://support.microsoft.com/en-us/topic/edit-your-password...



Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: