Researchers at US security specialists ISE have declared that popular password managers have vulnerabilities that could allow hackers to gain access to your passwords. The news caused alarm as millions of people now use these services to store their online passwords.
The ISE specialists discovered that popular services 1Password, KeePass, LastPass, and Dashlane all have vulnerabilities that would potentially allow malicious software on a Windows machine to steal either the master password or individual passwords stored by the applications.
Should you be concerned, and are password managers still safe to use? We take a look at the risks.
The researchers found that each of the four password managers left passwords accessible in the computer's memory.
But in reality, to peer into your PC's memory, a hacker would likely either need to be sitting at your computer or trick you into installing malware that has control over your computer.
This sort of activity is unlikely. Instead, hackers typically try to hack companies so they can acquire a mass of data rather than spending time going after individuals. Or they look for easy targets, such as people who have weak passwords or poor protection.
1Password's Jeffrey Goldberg explained:
'The realistic threat from this issue is limited. An attacker who is in a position to exploit this information in memory is already in a very powerful position. No password manager (or anything else) can promise to run securely on a compromised computer.'
In a word, no.
Password managers are important tools that keep us safe online. Not only do they enable us to keep track of the multiple passwords that we need, they also help us to avoid bad practices such as using weak or common passwords.
And the researchers at ISE agreed, concluding that:
'Password managers are a good thing. All password managers we have examined add value to the security posture of secrets management.'
Although this new report is somewhat alarming, it's still good practice to use a password manager - and if you don't already, you should consider doing so.
We've put a range of the most popular password managers through rigorous tests to see how easy they are to use and how effectively they safeguard your online security. Our tests include setting up and using the password managers on a computer (both PC and Mac), as well as on an Android or Apple iOS mobile device (including the app and mobile web interface).
But there are also a number of other things you can do to boost your online security.
The key thing is to protect your personal computing devices. There's no point worrying about potential vulnerabilities in password managers if you leave your computer wide open to abuse.
So take these simple steps:
Every day, we hunt for the worst malware in the world to test antivirus packages. Each package is bombarded with more than 10,000 samples of new malware, including more than 700 samples of ransomware, in online and offline tests.
All free antivirus packages offer the same basic underlying malware protection as their paid rivals, but differences come in the additional elements. For example, paid antivirus software can offer a more effective defense against phishing, and protect more than one device.