Security researcher raises questions about trackers in LastPass Android app

2»

Comments

  • Reply 21 of 22
    gatorguygatorguy Posts: 24,769member
    gatorguy said:
    MplsP said:
    rattlhed said:
    On iOS, I don't see why people feel the need to use password managers at all since iOS directly supports automatic password storage.
    Not all my device uses are on iOS.  My home desktop is a Windows based computer using Firefox.  And my work laptop is a windows based laptop using Chrome.  Safari is no longer supported for Windows machines.  Losing the ability to store and use my passwords across all the devices I use would be a real pain and defeat the purpose of using Last Pass.  
    Okay, fair point. I suspect that most users do not use multiple platforms. I'm not really sure what the percentage would be, though.

    But personally, I wouldn't use a work computer to access personal sites that require my passwords. It not only seems unethical to me, but some offices have significant abilities to read all their users' laptops contents and sessions.
    I suspect there are a lot of users that have iPhones and windows desktops/laptops. Also, as rarrlhed pointed out, keychain only works with Safari, so if you use another browser you’re either stuck with an incredibly cumbersome workflow or you switch to a 3rd party password manager. 
    I agree that if you use another browser than Safari then you're losing the benefits of Apple's Secure Enclave and therefore you've already lost good security so using a password manager isn't much worse.

    When you say "lots" of users use both Windows and iPhones, I agree in terms of absolute numbers but not in terms of percentage of users, and Apple has no ability, let alone obligation, to support non-Apple users. Because non-Apple users don't have Secure Enclaves.
    I agree with you on every point but the last one, even if what it's called is different depending on who implements it. 
    I thought that the secure enclaves for other smart phone developers were written entirely with software rather than hardware (that used to be the case), which is why I made that claim in the last sentence. But then I remembered that recently other vendors have started using separate chips also, just like Apple's T2 chip. So I guess I have to concede that some smartphones are now building hardware enclaves also. https://www.howtogeek.com/387934/your-smartphone-has-a-special-security-chip.-heres-how-it-works/ I'm not sure if I trust these johnny-come-lately copycats yet, but eventually I will be persuaded that they are decent and they will have caught up to Apple in my eyes.
    Fun fact: Before Apple Pay and the iPhone's Secure Enclave there was the Nexus S from Google with their Secure Element. Both were hardware-based, separate secured chips for holding encrypted payment credentials. Bad timing and competing plans from carriers ensured its eventual complete rework, but did at least serve to put Apple further down the mobile payments path turned superhighway, finding success where Google did not. 
    https://nfctimes.com/blog/dan-balaban/motorola-gives-google-chance-control-more-secure-elements

    Fun Fact #2:
    The Secure Element for that Nexus (Google) phone utilized a NXP 65 with embedded Secure Element chip (PN variant). When Apple rolled out the iPhone 6 and Apple pay guess what chip was at the heart of it? The NXP 65 with embedded Secure Element chip, now the V10 variant.


    edited March 2021
    muthuk_vanalingam
     0Likes 0Dislikes 1Informative
  • Reply 22 of 22
    22july201322july2013 Posts: 3,844member
    gatorguy said:
    Fun fact: Before Apple Pay and the iPhone's Secure Enclave there was the Nexus S from Google with their Secure Element. Both were hardware-based, separate secured chips for holding encrypted payment credentials. Bad timing and competing plans from carriers ensured its eventual complete rework, but did at least serve to put Apple further down the mobile payments path turned superhighway, finding success where Google did not. 
    https://nfctimes.com/blog/dan-balaban/motorola-gives-google-chance-control-more-secure-elements

    Fun Fact #2:
    The Secure Element for that Nexus (Google) phone utilized a NXP 65 with embedded Secure Element chip (PN variant). When Apple rolled out the iPhone 6 and Apple pay guess what chip was at the heart of it? The NXP 65 with embedded Secure Element chip, now the V10 variant.
    That roughly jives with what I remember. You must know what you are talking about here. Which is rough for me to admit because I don't remember your name as someone who I tend to agree with. :-) I guess we agree from time to time.
     0Likes 0Dislikes 0Informatives
Sign In or Register to comment.