Phishing Your Password Manager

From my Children’s Book, “B is for Blue Team”

UPDATE: The founder of 1Password responded to this blog after it was posted and explained that the majority of password managers out there leverage Mozilla’s Public Suffix List (PSL) to determine how the domain is to be treated. He looked and saw that Auth0 was not on the list for whatever reason, so it seems likely some of these password managers do actually take subdomains into consideration, as long as they’re on the PSL. It seems…

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store