Major security issues found in popular password managers

Discussion in 'other security issues & news' started by Minimalist, Feb 19, 2019.

  1. Minimalist, Registered Member (Joined: Jan 6, 2014; Posts: 10,996; Location: Here)
  2. mood, Updates Team (Joined: Oct 27, 2012; Posts: 13,147)

    Password manager report gets researcher booted from Bugcrowd
    February 19, 2019
    https://www.cyberscoop.com/bugcrowd-adrian-bednarek-lastpass/
     
  3. itman, Registered Member (Joined: Jun 22, 2010; Posts: 7,452; Location: U.S.A.)

    Password Manager Firms Blast Back at ‘Leaky Password’ Revelations
    https://threatpost.com/1password-dashlane-keepass-and-lastpass/142037/
     
  4. mood, Updates Team (Joined: Oct 27, 2012; Posts: 13,147)

    Password managers remain an important security tool despite new vulnerability report
    February 26, 2019
    https://www.itworld.com/article/334...ty-tool-despite-new-vulnerability-report.html
     
  5. Floyd 57, Registered Member (Joined: Mar 17, 2017; Posts: 467; Location: Europe)

    It's quite hilarious just how many people still don't use password managers. The avg person likely hasn't even heard of this thing, and many people who have think it's something very very advanced. No, it's very simple. You don't have to type usernames/emails/passwords anymore, the password manager does it automatically for you, and even logs you in so you don't have to click login or press Enter, assuming the site hasn't remembered you. The password vault is synced across devices, so you don't have to worry about that either, and even if you lose all your devices, it's synced to the servers; you just need to log in with your password manager's account and you've got everything back. Long and complex passwords that cannot be cracked assuming they're properly encrypted in the website server database (at least without using quantum stuff). And all that for FREE. I use LastPass for Chrome (and Chromium browsers), and it's completely FREE, including the password vault sync. Oh yeah, and there's 2FA for your master password. I can't imagine going back to the pre-password manager era.
     
  6. Palancar, Registered Member (Joined: Oct 26, 2011; Posts: 2,136)

    It appears that FIDO and FIDO2 for hardware second factor mitigate almost all of the initial risks here. Next, this whole weakness depends upon your actual hardware being controlled by malware or totally pwn'd.
     