Curtis Brazzell

Sep 25, 2020

7 min read

Phishing Your Password Manager

From my Children’s Book, “B is for Blue Team”

UPDATE: The founder of 1Password responded to this blog after it was posted and explained that the majority of password managers out there leverage Mozilla’s Public Suffix List (PSL) to determine how the domain is to be treated. He looked and saw that Auth0 was not on the list for whatever reason, so it seems likely some of these password managers do actually take subdomains into consideration, as long as they’re on the PSL. It seems…