Erik van Straten<p><span class="h-card" translate="no"><a href="https://fosstodon.org/@_calmdowndear" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>_calmdowndear</span></a></span> : I just did some tests.</p><p>I have an Android (Google Pixel) phone configured to use autofill for KeePassDX, and an iPhone configured to use autofill for KeePassium and iCloud Keychain.</p><p>All browsers on those phones warn me that the connection to my home router at</p><p>http:⧸⧸192.168.178.1 (*)</p><p>is insecure, but neither each operating system's autofill nor the password managers mentioned warn me that http is being used when "autofilling" a password.</p><p>(*) I'm using the Unicode '⧸' instead of the ASCII '/' to prevent Mastodon from hiding the protocol prefix (and turning it into a clickable link).</p><p>I also tested the Firefox for iOS built-in password manager using the iOS autofill feature (selecting autofill for Firefox deselects it for KeePassium; apart from iCloud Keychain, one other manager can use autofill). Firefox for iOS also did not give an additional warning for filling in a password on a server via an http connection.</p><p>Notes:</p><p>• In each password manager I specified:</p><p>https:⧸⧸192.168.178.1 (*)</p><p>so the https:// prefix seems to be ignored in all cases.</p><p>• There's a slight chance that each password manager recognizes the IP address as a private range address (RFC 1918), but I'd be surprised if those password managers would act differently in case of a routable IP address.</p><p>• WebAuthn insists on using https, making passkeys and FIDO2 hardware keys (in FIDO2 mode only) more secure.</p><p>• Weak 2FA (SMS, voice, TOTP) checks neither domain names nor the communication protocol used.</p><p>I've not tested any PC configurations.</p><p><span class="h-card" translate="no"><a href="https://chaos.social/@brahms" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>brahms</span></a></span> </p><p><a href="https://infosec.exchange/tags/Passwords" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Passwords</span></a> <a href="https://infosec.exchange/tags/PasswordManagers" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PasswordManagers</span></a> <a href="https://infosec.exchange/tags/http" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>http</span></a> <a href="https://infosec.exchange/tags/httpConnections" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>httpConnections</span></a> <a href="https://infosec.exchange/tags/InsecureConnections" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InsecureConnections</span></a></p>