Major Security Flaws Found in Popular Password Managers

Major Security Flaws Found in Popular Password Managers

Independent Security Evaluators found some worrying flaws in popular password managers, but still suggest that you use one.

  • By Sydny Shepard
  • Feb 21, 2019

Password managers, which have been suggested to internet users from all cybersecurity experts, are convenient and ensure the security of your account, but what if they are the source of vulnerability? A new report suggests that these password managers may not be as secure as you might think.

Before you go and delete your password manager and revert all your passwords back to 123456, note that the researchers who found these vulnerabilities in the five most popular password managers, still think that you should use one. 

The Independent Security Evaluators (IES) note that password managers are still a good thing, but found that they contain some worrying flaws on the security front, such as storing the master password for the application in the PC's memory in plaintext form.

ISE evaluated 1Password, Dashlane, KeePass and LastPass on Windows 10 and found that in some cases, the master password could be found in plaintext - no better than storing the password in a document saved to your desktop, at least when it comes to a skilled hacker. 

"Using a proprietary, reverse engineering, too, ISE analysts were able to quickly evaluate the password managers' handling of secrets in its locked state," ISE said in an article about the flaws. "ISE found that standard memory forensics can be used to extract the master password and the secrets it's supposed to guard."

The organization said an urgent remedy is required to facilitate password managers effectively scrubbing out all data that could lead to a potential compromise of a users' accounts. 

While these flaws are present in the password managers you might use today, it is worth noting that a hacker would have to first gain access to your computer to exploit this vulnerability. ISE says that password managers "add value to the security posture of secrets management," and help to avoid many bad password habits like weak passwords and re-using passwords.

About the Author

Sydny Shepard is the Executive Editor of Campus Security & Life Safety.

Featured

  • Cost: Reactive vs. Proactive Security

    Security breaches often happen despite the availability of tools to prevent them. To combat this problem, the industry is shifting from reactive correction to proactive protection. This article will examine why so many security leaders have realized they must “lead before the breach” – not after. Read Now

  • Achieving Clear Audio

    In today’s ever-changing world of security and risk management, effective communication via an intercom and door entry communication system is a critical communication tool to keep a facility’s staff, visitors and vendors safe. Read Now

  • Beyond Apps: Access Control for Today’s Residents

    The modern resident lives in an app-saturated world. From banking to grocery delivery, fitness tracking to ridesharing, nearly every service demands another download. But when it comes to accessing the place you live, most people do not want to clutter their phone with yet another app, especially if its only purpose is to open a door. Read Now

  • Survey: 48 Percent of Worshippers Feel Less Safe Attending In-Person Services

    Almost half (48%) of those who attend religious services say they feel less safe attending in-person due to rising acts of violence at places of worship. In fact, 39% report these safety concerns have led them to change how often they attend in-person services, according to new research from Verkada conducted online by The Harris Poll among 1,123 U.S. adults who attend a religious service or event at least once a month. Read Now

  • AI Used as Part of Sophisticated Espionage Campaign

    A cybersecurity inflection point has been reached in which AI models has become genuinely useful in cybersecurity operation. But to no surprise, they can used for both good works and ill will. Systemic evaluations show cyber capabilities double in six months, and they have been tracking real-world cyberattacks showing how malicious actors were using AI capabilities. These capabilities were predicted and are expected to evolve, but what stood out for researchers was how quickly they have done so, at scale. Read Now

Most   Popular

New Products

  • HD2055 Modular Barricade

    Delta Scientific’s electric HD2055 modular shallow foundation barricade is tested to ASTM M50/P1 with negative penetration from the vehicle upon impact. With a shallow foundation of only 24 inches, the HD2055 can be installed without worrying about buried power lines and other below grade obstructions. The modular make-up of the barrier also allows you to cover wider roadways by adding additional modules to the system. The HD2055 boasts an Emergency Fast Operation of 1.5 seconds giving the guard ample time to deploy under a high threat situation.

  • Compact IP Video Intercom

    Viking’s X-205 Series of intercoms provide HD IP video and two-way voice communication - all wrapped up in an attractive compact chassis.

  • Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

    Connect ONE®

    Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.