CyberTalk

There’s no such thing as a perfect password manager


EXECUTIVE SUMMARY:

Password managers emerged to save users from the headache of having to remember a collection of cumbersome, nonsensical strings of letters, numbers and symbols. However, do newly reported security flaws mean that the perils of using a password manager outweigh the benefits?

International Security Evaluators (ISE) reports that products including 1Password, Dashlane, KeePass, RoboForm and LastPass have a structural deficiency on Windows 10 operating systems. The products can leave passwords in a computer’s memory, which is almost equivalent to leaving them lying around in plain text on the desktop.

While researchers only studied Windows systems, the defects could persist in Apple Macs and mobile operating systems as well.

Hackers could easily exploit this security loophole. ISE lead researcher Adrian Bednarek says, “Given the huge user base of people already using password managers, these vulnerabilities will entice hackers to target and steal data from these computers via malware attack.”

Despite this potential threat, the responses from password management companies ranged from concerned to nonchalant. LastPass and RoboForm noted that they intend to issue updates this week. In contrast, KeePass and 1Password breezed by the report, noting that there are limitations to their products’ capabilities, and that the level of risk is considered acceptable.

As technology columnist Geoffrey A. Fowler of The Washington Post points out, cyber security risks fall on a spectrum. “There’s no ‘safe’ and ‘unsafe’, there’s ‘safer than’ or ‘better than.’ Being 100% safe would require disconnecting from the internet and moving to an undisclosed bunker,” he writes. Chances are good that hackers would instead go after information that is easier to obtain and that offers a higher net yield.

For now, ISE recommends continuing to use your password manager while also taking steps to maximize safety.

For more information, get the full story at The Washington Post.
