HackControl blog: articles about pressing cybersecurity issues

In recent years, security researchers have discovered vulnerabilities in the four most popular password managers. The digital safes can be cracked with a lot of effort, giving hackers access to one or more passwords. Despite these flaws, it is still recommended to use a password manager.

Table of Contents

Password managers are vulnerable: you should know this

A password manager is an app and/or website where you store all your passwords. You secure the digital safe with a unique username and master password. Only with that combination will the safe unlock, after which you have access to all your – difficult to remember – passwords. At least, that’s the theory. In practice, the four most popular password managers appear not to be completely watertight.
American consulting firm Independent Security Evaluators (ISE) examined the Windows 10 versions of 1Password, KeePass, LastPass and Dashlane. All four appear to have flaws. Malicious individuals can view your master password or saved passwords by digging into the memory of a Windows computer.
LastPass will soon be releasing an update to fix the vulnerability, while the other three password managers believe the flaw is an acceptable risk of the Windows 10 operating system.

Not using a password manager is more dangerous

While these types of reports might serve as a deterrent for some people, the researchers at ISE still recommend people to use a password manager. The chance that a malicious person will exploit such a vulnerability to crack your password vault is extremely small. In addition, it is not clear whether other operating systems are susceptible to this type of vulnerability. The ISE researchers have not looked at the iOS and Android apps and MacOS software of the popular password managers.

The researchers at ISE, like many other experts, argue that the security benefits of a (good) password manager far outweigh the small risk of digital burglary. A password manager is well protected and therefore very difficult to crack. This is very effective at deterring hackers. Compare it to securing your home. If burglars see that your house has solid locks, chances are that they will continue to look for a house with low-quality locks.

Users of a password manager have a good lock on their passwords, while there are also plenty of users who store their passwords in less secure ways. For example, by remembering passwords and therefore using the same, simple password for many services.

Frequently asked questions about password managers

Are password managers safe to use?

Yes, generally, using a password manager to store your passwords is very safe and effective.

What password manager should I use?

The most popular password managers include Dashlane, KeePass, 1Password and LastPass.

Are password managers free?

While there are a few free password managers, most are paid. However, some paid password managers offer free trials.

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.