Unsolved
10 Elder
•
43.6K Posts
1
465
Password managers expose data
ISE, an independent security consulting firm tested password managers for their security. Their report is geeky, but the bottom line is:
"...in all password managers examined, trivial secrets extraction was possible from a locked password manager, including the master password in some cases, exposing up to 60 million users that use the password managers in this study to secrets retrieval from an assumed secure locked state."
They tested:
- 1Password4 for Windows
- 1Password7 for Windows
- Dashlane for Windows
- KeePass Password Safe
- LastPass for Applications
So keep on top of updates for these apps, assuming they respond to the report with improved security.
RoHe
10 Elder
10 Elder
•
43.6K Posts
0
February 21st, 2019 18:00
I don't use password managers either. Keeps my brain (semi-)working remembering all my passwords. :Angel:
Not so long ago, I was forced to change my password on this site at a time that seemed to correspond with a reported data breach at Dell's PC sales site. No proof of any relationship between the two events, but the timing was certainly suggestive...
joe53
1 Rookie
1 Rookie
•
5.8K Posts
0
February 21st, 2019 18:00
I have always thought that storing your passwords to sensitive/financial websites on your PC in any format was akin to leaving your front door key under a nearby flower pot.
I have never used a password manager. It is a bit of a pain to have to enter them manually, but I can remember most important passwords (pass phrases, actually - a more secure solution) and have them written down in a ledger well hidden. I fear the online hacker more than the physical house intruder.
For non-critical websites such as this, I must confess I let my browsers insert the PW. In 2 decades my ID has never been spoofed in any forum.