Your IT Consultant

Information Technology Blog
by John W. Simek, Vice President of Sensei Enterprises, Inc.

Is a Buggy Password Manager Better than No Password Manager?

July 25, 2017

Tough question. My tendency would be to avoid password managers that have experienced issues with security, randomness and access to the encrypted data. Recently, Dashlane has come under fire for refusing to fix an issue identified by a security researcher. Researcher Paulos Yibelo stated, "I reported this to the vendor and they said they will not fix this vulnerability because of it being a design issue." Dashlane responded by stating, "The ability to write/overwrite this dll in the Dashlane directory does not compromise the security of Dashlane or our users' data and, although we could prevent the action, it is not necessary and wastes development and security research time." Hmm.

Call me paranoid, but my inclination is to avoid password managers that have been called out, especially if there is no intention of fixing the problem. There are far too many options available to use something that may be compromised at a future time.

Phone: 703.359.0700
Digital Forensics/Information Security/Information Technology
https://www.linkedin.com/in/johnsimek
https://amazon.com/author/johnsimek
https://www.senseient.com