#PasswordManager


Google Password Manager Is Now a Standalone App on the Play Store

Google has launched a standalone app for its password manager on the Play Store, a move intended to make accessing and managing passwords on Android easier by decoupling it from the Chrome browser and from Google Play services (accessing the app from Android).

Google's password manager, a tool built into Chrome and Google Play services, is now available as a standalone app on the Play Store. Google's aim with this decision is to improve the user experience by allowing faster, more direct access to all the passwords, email addresses and credit card details saved in the Google account.

Although the core functionality of the password manager does not change, its availability as a dedicated app simplifies the process of signing in and managing credentials on Android devices.

The new app, which users can already download, removes the need to navigate through the system settings or browser menus to reach login data. The app's interface is clean and intuitive, and it is organized so that users can find and manage their passwords easily.

Google has been working to unify its ecosystem of products and services, and launching the password manager as a standalone app is another step in that direction.

⚠️ Major password manager extensions—1Password, Bitwarden, LastPass, Enpass, iCloud Passwords & LogMeOnce—are vulnerable to clickjacking attacks that risk exposing login credentials & sensitive data. 🔐🕵️‍♂️

Bitwarden patched the flaw ✅; others lag behind. Users should update extensions & disable autofill until fixes. 🛡️🔄

@1password
@bitwarden

techspot.com/news/109149-lastp

Yesterday I was in a grocery store far out in the countryside on Mors. At the checkout in front of me stood an elderly lady (no, she was actually old!) who couldn't pay for the dog food she had in her basket because she couldn't remember the PIN code for her Dankort. The cashier could help: they simply had a list of PIN codes from their loyal old fellow citizens!
#dankort #passwords #passwordmanager

Yikes, some of the responses by these companies to a vulnerability in their password managers would inspire me to never do business with them. 1Password has two replies:

"As noted in our bug bounty brief: 'Clickjacking the autofill action for the personal identification item has also already been reported in previous programs, and will not be reconsidered at this time.'"

"Nobody is denying that there is the potential for clickjacking. We understand that the presence of XSS vulnerabilities can potentially increase the impact of clickjacking attempts, this is a general security principle that applies universally and is not unique to our application. Our stance is that if a user visits a vulnerable website, that is outside of our control, just like if a user visits a malicious website or has a compromised device."

Bitwarden and some others are working on solutions to this potential problem, instead of happily taking the money of others without trying to patch potentially dangerous vulnerabilities like 1Password.

Even though I don't browse dangerous sites, I have uninstalled the Bitwarden extension and will use the desktop version, as malicious actors can be clever and hijack a legit site due to some weird flaw.

socket.dev/blog/password-manag

reddit.com/r/ProtonPass/commen

I usually don't spend a lot of time on Reddit, or especially forwarding/posting Reddit stuff, but this one caught my eye.

If you are a 1Password user, there is a currently known vulnerability, that they are refusing to fix, and other Password Managers have already addressed.

More info on the exploit here: marektoth.com/blog/dom-based-e

The comments contain links to test your current password manager & more.


@nekodojo @jik : thank you for sharing your thoughts!

To add to them: a TOTP app is a stupid password manager. Most people do not understand that it more than doubles your risk of account lockout.

And that is apart from other risks excellently described by Conor Gilsenan (@conorgil ) et al. in usenix.org/conference/usenixse (and github.com/blues-lab/totp-app-).

Twilio Authy being one of the worst (echoed by bleepingcomputer.com/news/secu).

And, like SMS, TOTP apps do not protect against non-dumb AitM * attacks (Microsoft's endlessly repeated 99.9% reduction in chance of getting hacked when using 2FA extremely irritates me - considering techcommunity.microsoft.com/bl from 2019 - and, although an advertisement, IMO a good article: bleepingcomputer.com/news/secu).

* Attacker/Adversary in the Middle.

IMO, the nr. 1 advantage of passkeys is the "built in" domain name check - which makes phishing attacks a *lot* harder (albeit not impossible: infosec.exchange/@ErikvanStrat).

The fact that stealing private keys is next to impossible does not protect against device or browser compromise: after logging in using your ultra-secure MFA, your authentication gets replaced by a 1FA session cookie (or something similar). Most websites do NOT bind such cookies to the client's IP address, making them prime "copytheft" targets (labs.beazley.security/articles).

Also, for an attacker with access to your credentials record on a webserver, indeed there's no point in "copystealing" your passkey's/YubiKey's public key. However, the attacker can REPLACE your pubkey with theirs, or add their own. Those pubkeys are NOT wrapped in a certificate (signed by a *trustworthy* third party) proving who generated the keypair. And there are no revocation facilities in case your device gets stolen.

Furthermore, passkey downgrade-to-weaker-auth attacks pose a threat BECAUSE you MAY lose them (or access to them).

For example, on Android, if you want to change (or remove) your "sync passphrase", Google tells you to tap "Delete data" (see the screenshot below). Adam Langley's (@agl ) pathetic joke "This might delete some data from your devices" [1] actually means that "you'll lose all of your passkeys" (on all of your synced Android devices; contrary to popular belief, Android passkeys are cloud based).

[1] seclists.org/fulldisclosure/20

A decent password manager that checks for the domain name (i.e. using AutoFill on Android or iOS/iPadOS) is not a bad idea after all.

Online auth is HARD. Let's not lie that it can be made simple.

#Weak2FA #TOTP #SMS2FA

Today, in addition to starting the switch from Proton to Tuta, I have deleted a bunch of useless accounts, and sent some deletion requests to some that choose not to make it easy. Now I need to find a new password manager and cloud storage provider. It seems that pCloud is the only good one (?) without any US connections, but apparently there are plans to compromise the so far very good Swiss privacy laws. I hate this. Modern Life Is Rubbish. #Privacy #Email #CloudStorage #PasswordManager