Norton Password Manager breached news
Posted: 29-Jan-2023 | 8:16AM · 5 Replies · Permalink
Posted: 29-Jan-2023 | 8:48AM · Edited: 29-Jan-2023 | 8:54AM · Permalink
Posted: 29-Jan-2023 | 10:29AM · Permalink
Norton Password Manager was not breached. Usernames and passwords stolen from other websites were used to attempt to access individual Norton accounts. If you used the same credentials to sign into Norton as you use on other sites (a very, very BAD idea), then you were at risk of having your Norton account compromised. The fault for accounts that were potentially hacked lies solely with the users who failed to follow the most basic of password security practices, not Norton. Norton Password Manager is extremely safe, as it sits behind not one, but two logins (Norton Account and Password Manager -- please use a different password for each), offers two-factor authentication, and now requires a reCAPTCHA for sign-in to help prevent credential stuffing attacks.
Posted: 30-Jan-2023 | 12:13PM · Permalink
The_Eagle_007:
I always use separate passwords for PM and Norton account and have 2FA also. But the fact worries me that they tried to log in using credential stuffing attacks on such a large scale against Norton accounts.
Credential stuffing is only a threat to people who reuse the same login credentials over multiple sites. I mean, anyone -- you or I -- can try to log in using a random name and password and hope to get lucky. Nothing a website can do to prevent the attempt, although the reCAPTCHA will hinder the use of bots to perform large-scale attacks. As long as you use a different username/password on each site, this sort of attack cannot compromise any of your accounts.
Posted: 31-Jan-2023 | 11:21AM · Permalink
With all due respect, KeePass is saying much the same thing: denials. Their devs dispute CVE-2023-24055, as stated below from the article. A 2019 workaround that can be worked around with another instance in a second directory isn't a fix. It's sloppy.
In fact, a "Security Issues" page on the KeePass Help Center has been describing the "Write Access to Configuration File" issue since at least April 2019 as "not really a security vulnerability of KeePass."
Using NPWM, we cannot create an enforced configuration file in any manner, since Norton took that away by forcing everything into the cloud. Maybe that itself is the saving grace with NPWM. Time will tell.
SA