Major security issues found in popular password managers

Discussion in 'other security issues & news' started by Minimalist, Feb 19, 2019.

  1. Minimalist

    Minimalist Registered Member

  2. guest

    guest Guest

    Password manager report gets researcher booted from Bugcrowd
    February 19, 2019
    https://www.cyberscoop.com/bugcrowd-adrian-bednarek-lastpass/
     
  3. itman

    itman Registered Member

    Password Manager Firms Blast Back at ‘Leaky Password’ Revelations
    https://threatpost.com/1password-dashlane-keepass-and-lastpass/142037/
     
  4. guest

    guest Guest

    Password managers remain an important security tool despite new vulnerability report
    February 26, 2019
    https://www.itworld.com/article/334...ty-tool-despite-new-vulnerability-report.html
     
  5. Floyd 57

    Floyd 57 Registered Member

    It's quite hilarious just how many people still don't use password managers. The average person likely hasn't even heard of this thing, and many people who have think it's something very, very advanced. No, it's very simple. You don't have to type usernames/emails/passwords anymore; the password manager does it automatically for you, and even logs you in so you don't have to click login or press Enter, assuming the site hasn't remembered you. The password vault is synced across devices, so you don't have to worry about that either, and even if you lose all your devices, it's synced to the servers; you just need to log in with your password manager's account and you've got everything back. Long and complex passwords that cannot be cracked assuming they're properly encrypted in the website server database (at least without using quantum stuff). And all that for FREE. I use LastPass for Chrome (and Chromium browsers), and it's completely FREE, including the password vault sync. Oh yeah, and there's 2FA for your master password. I can't imagine going back to the pre-password manager era.
     
  6. Palancar

    Palancar Registered Member

    It appears that FIDO and FIDO2 for hardware second factor mitigate almost all of the initial risks here. Next, this whole weakness depends upon your actual hardware being controlled by malware or totally pwn'd.
     