Flaws in top password managers can expose the very data they are supposed to protect, a study by researchers at Independent Security Evaluators (ISE) researchers found.
"100 percent of the products that ISE analyzed failed to provide the security to safeguard a user’s passwords as advertised,” ISE CEO Stephen Bono said in a release announcing the findings of “Under the Hood of Secrets Management. “Although password managers provide some utility for storing login/passwords and limit password reuse, these applications are a vulnerable target for the mass collection of this data through malicious hacking campaigns.”
Assessing the underlying functionality of 1Password, Dashlane, KeePass and LastPass on Windows 10, researchers discovered that in some cases, the master password could be found in plaintext in the computer’s memory when the password manager was locked and that they could extract the master password using standard memory forensics.
Please register to continue.
Already registered? Log in.
Once you register, you'll receive:
The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.
Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.
SC Media’s essential morning briefing for cybersecurity professionals.
One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.