We use cookies to allow us and selected partners to improve your experience and our advertising. By continuing to browse you consent to our use of cookies. You can understand more and change your cookies preferences here.


When you click on a retailer link on our site, we may earn affiliate commission to help fund our not-for-profit mission.Find out more.

22 Feb 2019

Are password managers really safe to use?

Security researchers from Independent Security Evaluators (ISE) have recently found vulnerabilities in password managers - we take a look at the potential risks

Researchers at US security specialists ISE have declared that popular password managers have vulnerabilities that could allow hackers to gain access to your passwords. The news caused alarm as millions of people now use these services to store their online passwords.

The ISE specialists discovered that popular services 1Password, KeePass, LastPass, and Dashline all have vulnerabilities that would potentially allow malicious software on a Windows machine to steal either the master password or individual passwords stored by the applications.

Should you be concerned, and are password managers still safe to use? We take a look at the risks.

Antivirus software is important to keep your computer free from all types of threats. Browse our antivirus software reviewsto see which packages come out on top.

Is there a risk to using a password manager?

The researchers found that each of the four password managers left passwords accessible in the computer's memory.

But in reality, to peer into your PC's memory, a hacker would likely either need to be sitting at your computer or trick you into installing malware that has control over your computer.

This sort of activity is unlikely. Instead hackers typically tend to try to hack companies so they can acquire a mass of data rather than spending time trying to go after individuals. Or they look for easy targets, such as people that have weak passwords, or poor protection.

The bottom line is - using a good antivirus package should always be the first line of defence against any type of threat.

1Password's Jeffrey Goldberg explained:

'The realistic threat from this issue is limited. An attacker who is in a position to exploit this information in memory is already in a very powerful position. No password manager (or anything else) can promise to run securely on a compromised computer.'

Should I stop using a password manager?

In a word, no.

Password managers are important tools that keep us safe online. Not only do they enable us to keep track of the multiple passwords that we need, they also help us to avoid bad practices such as using weak or common passwords.

And the researchers at ISE agreed, concluding, that:

'Password managers are a good thing. All password managers we have examined add value to the security posture of secrets management.'

How to choose a good password manager

Although this new report is somewhat alarming, it's still good practice to use a password manager - and if you don't already you should consider doing so.

We've put a range of the most popular password managers through rigorous tests to see how easy they are to use and how effectively they safeguard your online security.Our tests include setting up and using the password managers on a computer (both PC and Mac), as well as on an Android or Apple iOS mobile device (including the app and mobile web interface).

Make sure you select a Best Buy password manager and avoid a Don't Buy, whether you choose to opt for a free or premium service.

But there are also a number of other things you can do to boost your online security.

Three simple steps to boost your online security against hackers

The key thing is to protect your personal computing devices. There's no point worrying about potential vulnerabilities in password managers if you leave your computer wide open to abuse.

So take these simple steps:

  1. Keep all your software up to date. New versions often contain important security patches.
  2. Be very careful about installing software that comes from third parties other than Microsoft, Apple and Google-managed app stores.
  3. Say no to web-browser extensions and pop-up messages - these are often not what they seem.
  4. And of course, use good antivirus software to keep your computer free from threats.

Viruses and malware can infect your computer in several ways, but Best Buy antivirus software will give you peace of mind that your computer and personal data are safe.

Every day, we hunt for the worst malware in the world to test antivirus packages. Each package is bombarded with more than 10,000 samples of new malware, including more than 700 samples ofransomware, in online and offline tests.

All free antivirus packages offer the same basic underlying malware protection as their paid rivals, but differences come in the additional elements. For example, paid antivirus software can offer a more effective defenseagainst phishing, and protect more than one device.

Find out more about antivirus software in our how to buy the best antivirus software guide.