Hacker News

ignoramous, yesterday at 7:36 PM

> This issue is inherently unfixable by ANY password manager, because the process model of the underlying OS isn't itself secure

Usually the confidential bits are hardware isolated away from the supervisor (host kernel/OS) in Enclaves/TEEs, Realms, Secure Elements, Security chips, etc.


Replies

oasisaimlessly, today at 1:40 AM

No, that is actually very rare, not typical. Do you have any examples of password managers that do that?

jazzyjackson, yesterday at 7:42 PM

One more reason to use hardware-bound passkeys and not passwords.
