Password managers have a security flaw, but you should still be using one
A NEW study has identified security flaws in five of the mostpopular password managers.
Now for some counter-intuitive advice: I still think you should use a password manager. So do the ethical hackers with Independent Security Evaluators who came to me with news of the flaws - and other security pros I spoke to about the study. You wouldn’t stop using a seat belt because it couldn’t protect you from every kind of vehicle accident. The same applies to password managers.
But the research, which finds password manager users are vulnerable to targeted malware attacks, points to the fact that online safety isn’t about being unhackable, it’s about not being the lowest-hanging fruit.
Password managers are programs that keep all your login details in an online safe-deposit box. They’re critical tools for staying safe because the No. 1 most annoying thing about the internet - passwords - leads people to make the number one security mistake - reusing passwords. Hackers know we do this, so they take passwords from one breached site and then try them on lots of others. Using a program to keep track of all your unique passwords takes some adjustment, but they’re getting simpler and can make logging into things faster.
The question that’s haunted these programs is: How is it possibly safe to put all your passwords in one basket? If someone steals it, you’re hosed.
For accountability’s sake, audits like the new one by ISE are important. It found the Windows 10 apps for 1Password, Dashlane, KeePass, LastPass and RoboForm left some passwords exposed in a computer’s memory when the apps were in “locked” mode. — Washington Post