Major Security Flaws Found in Popular Password Managers -- Security Today

Major Security Flaws Found in Popular Password Managers

Independent Security Evaluators found some worrying flaws in popular password managers, but still suggest that you use one.

By Sydny Shepard
Feb 21, 2019

Password managers, which have been suggested to internet users from all cybersecurity experts, are convenient and ensure the security of your account, but what if they are the source of vulnerability? A new report suggests that these password managers may not be as secure as you might think.

Before you go and delete your password manager and revert all your passwords back to 123456, note that the researchers who found these vulnerabilities in the five most popular password managers, still think that you should use one.

The Independent Security Evaluators (IES) note that password managers are still a good thing, but found that they contain some worrying flaws on the security front, such as storing the master password for the application in the PC's memory in plaintext form.

ISE evaluated 1Password, Dashlane, KeePass and LastPass on Windows 10 and found that in some cases, the master password could be found in plaintext - no better than storing the password in a document saved to your desktop, at least when it comes to a skilled hacker.

"Using a proprietary, reverse engineering, too, ISE analysts were able to quickly evaluate the password managers' handling of secrets in its locked state," ISE said in an article about the flaws. "ISE found that standard memory forensics can be used to extract the master password and the secrets it's supposed to guard."

The organization said an urgent remedy is required to facilitate password managers effectively scrubbing out all data that could lead to a potential compromise of a users' accounts.

While these flaws are present in the password managers you might use today, it is worth noting that a hacker would have to first gain access to your computer to exploit this vulnerability. ISE says that password managers "add value to the security posture of secrets management," and help to avoid many bad password habits like weak passwords and re-using passwords.

About the Author

Sydny Shepard is the Executive Editor of Campus Security & Life Safety.

IDIS Americas Continues Expansion With Technology Innovation and Growing Team Ahead of ISC West
01/31/2025
Paxton Announces New US Headquarters in Greenville, SC
01/31/2025
Napco Introduces New StarLink Signal Strength/Site Survey Tool
01/30/2025
Arrow Security Adds Two Security Industry Leaders
01/28/2025
Security Industry Association Releases New and Enhanced Privacy Resources on Data Privacy Day 2025
01/28/2025
Security LeadHER Opens Call for Speakers and Registration for 2025 Event
01/24/2025
Stronger Together: Stone Security, BearCom Team Up
01/23/2025
Genetec Named One of Canadas 2025 Top Employers for Young People
01/22/2025

Featured

5 Tips to Improve Your Password Security

Change Your Password Day is right around the corner. Observed every year on February 1, the day aims to raise awareness about cybersecurity and underscores the importance of keeping passwords strong and up to date. Read Now
- Cybersecurity
Enhancing Port Security

DP World Yarimca, one of the largest container terminals of the Gulf of İzmit and Turkey, is a strong proponent of using industry-leading technology to deliver unrivaled value to its customers and partners. As the port is growing, DP World Yarimca needs to continue to provide uninterrupted operations and a high level of security.To address these challenges, DP World Yarimca has embraced innovative technological products, including FLIR's comprehensive portfolio of security monitoring solutions. Read Now
- Infrastructure
Hot AI Chatbot DeepSeek Comes Loaded With Privacy, Data Security Concerns

In the artificial intelligence race powered by American companies like OpenAI and Google, a new Chinese rival is upending the market—even with the possible privacy and data security issues. Read Now
- Artificial Intelligence
- Cybersecurity
Survey: CISOs Increasing Budgets for Crisis Simulations in 2025

Today, Cyber Performance Center, Hack The Box, released new data showcasing the perspectives of Chief Information Security Officers (CISOs) towards cyber preparedness in 2025. In the aftermath of 2024’s high-profile cybersecurity incidents, including NHS, CrowdStrike, TfL, 23andMe, and Cencora, CISOs are reassessing their organization’s readiness to manage a potential “chaos” of a full-scale cyber crisis. Read Now
- Cybersecurity

Security Today eNews

Sign up today for essential industry news and product information that can help you stay afloat in the fast-paced world of security.

Email Address*Country*

Please type the letters/numbers you see above.

Webinars

Whitepapers

New Products

Camden CV-7600 High Security Card Readers

Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure.
Automatic Systems V07

Automatic Systems, an industry-leading manufacturer of pedestrian and vehicle secure entrance control access systems, is pleased to announce the release of its groundbreaking V07 software. The V07 software update is designed specifically to address cybersecurity concerns and will ensure the integrity and confidentiality of Automatic Systems applications. With the new V07 software, updates will be delivered by means of an encrypted file.
Unified VMS

AxxonSoft introduces version 2.0 of the Axxon One VMS. The new release features integrations with various physical security systems, making Axxon One a unified VMS. Other enhancements include new AI video analytics and intelligent search functions, hardened cybersecurity, usability and performance improvements, and expanded cloud capabilities