Friends use password managers like lastpass or dashlane which have plugins for t

Question

Friends use password managers like lastpass or dashlane which have plugins for the browser, but not for the email clients (thunderbird or livemail). But surely the email password is the Achilles heel of security because if you have that you can easily perform password resets to get access to any websites used.

If the password manager doesn't protect your email client a trojan can steal your email profile containing the email passwords.

Of course if you don't use an email client you don't have this vulnerability, but many still do. Many people use password managers and email clients so where's the flaw in my logic?

Explanation / Answer

Many email clients protect the password in similar ways to a password manager (and some do not). No flaw in your logic, although once you get malware designed to steal password manager passwords, all bets are off anyway.

That's once reason why 2FA is so important. By setting up 2FA, even if malware gets your email password, they cannot use it apart from your system. They would need to control your email client in order to use the "password reset" functionality you mention. Is it possible for attackers to do this, yes, but the level of complexity is much higher than simply grabbing a password from memory/configs.

Related Questions

Navigate

• Browse (All)
• Browse F
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.