• Mikina@programming.dev
    5 months ago

    A good reminder to always set your password manager to auto-lock (with PIN for convenience) after 3-5 minutes. The PIN makes it easy to re-log, while not being brute-forceable (AFAIK after a few failed attempts it reverts to password), and if someone gets to your PC, either physically or remotely, they won’t be able to get all your passwords.

    One of the best jackpots I’ve ever found during Red Teaming engagements was when I RDPd to a server through pass-the-hash, only to find an unlocked password manager with passwords for most of the other servers, service and admin accounts.