In recent years, security researchers have discovered vulnerabilities in the four most popular password managers. The digital safes can be cracked with a lot of effort, giving hackers access to one or more passwords. Despite these flaws, it is still recommended to use a password manager.
Table of Contents
Password managers are vulnerable: you should know this
A password manager is an app and/or website where you store all your passwords. You secure the digital safe with a unique username and master password. Only with that combination will the safe unlock, after which you have access to all your – difficult to remember – passwords. At least, that’s the theory. In practice, the four most popular password managers appear not to be completely watertight.
American consulting firm Independent Security Evaluators (ISE) examined the Windows 10 versions of 1Password, KeePass, LastPass and Dashlane. All four appear to have flaws. Malicious individuals can view your master password or saved passwords by digging into the memory of a Windows computer.
LastPass will soon be releasing an update to fix the vulnerability, while the other three password managers believe the flaw is an acceptable risk of the Windows 10 operating system.
Not using a password manager is more dangerous
While these types of reports might serve as a deterrent for some people, the researchers at ISE still recommend people to use a password manager. The chance that a malicious person will exploit such a vulnerability to crack your password vault is extremely small. In addition, it is not clear whether other operating systems are susceptible to this type of vulnerability. The ISE researchers have not looked at the iOS and Android apps and MacOS software of the popular password managers.
The researchers at ISE, like many other experts, argue that the security benefits of a (good) password manager far outweigh the small risk of digital burglary. A password manager is well protected and therefore very difficult to crack. This is very effective at deterring hackers. Compare it to securing your home. If burglars see that your house has solid locks, chances are that they will continue to look for a house with low-quality locks.
Users of a password manager have a good lock on their passwords, while there are also plenty of users who store their passwords in less secure ways. For example, by remembering passwords and therefore using the same, simple password for many services.
Frequently asked questions about password managers
Are password managers safe to use?
Yes, generally, using a password manager to store your passwords is very safe and effective.
What password manager should I use?
The most popular password managers include Dashlane, KeePass, 1Password and LastPass.
Are password managers free?
While there are a few free password managers, most are paid. However, some paid password managers offer free trials.