Google's Data on Login Thefts
This is interesting research and data:
With Google accounts as a case-study, we teamed up with the University of California, Berkeley to better understand how hijackers attempt to take over accounts in the wild. From March 2016 to March 2017, we analyzed several black markets to see how hijackers steal passwords and other sensitive data.
[…]
Our research tracked several black markets that traded third-party password breaches, as well as 25,000 blackhat tools used for phishing and keylogging. In total, these sources helped us identify 788,000 credentials stolen via keyloggers, 12 million credentials stolen via phishing, and 3.3 billion credentials exposed by third-party breaches.
The report.
me • November 13, 2017 6:36 AM
this means that i need a password manager:
i always avoided them because i think they can’t protect me in case of keylogger.
so i never saved a password (if it is not stored you can’t steal it).
in this way a keylogger could steal only a password that i write while the keylogger is present.
for example if i am hacked today and antivirus find the keylogger tomorrow only the password inserted between today and tomorrow are compromised.
if i was using a password manager or saving the password i had to assume that ALL my password were compromised.
but…
from the number of databreach and from this research that confirm my idea i have to assume that is easier to compromise third party than my pc.
also having a different password for each important service (and the same weak for all the other stuff) is not scaling well.
also thanks to Qubes OS i can finally have a secure password manager.