Your IT Consultant

Information Technology Blog
by John W. Simek, Vice President of Sensei Enterprises, Inc.

Patch Your Password Manager Now!

March 1, 2017

You should be using a password manager to store all of your logon credentials and other pieces of important digital information. There is no way anybody could remember each unique complex password used to access websites or application logon. Password managers are your friend when it comes to securely storing all of those passwords. That is unless the password manager has flaws. A group of security researchers called TeamSIK from the Fraunhofer Institute for Secure Information Technology (SIT) in Darmstadt, Germany, published the results of testing nine password managers on Android devices. They tested My Passwords, Informaticore Password Manager, LastPass, Keeper, F-Secure KEY, Dashlane, Hide Pictures Keep Safe Vault, Avast Passwords, and 1Password.

Each and every one of them had at least one security vulnerability. Sometimes the flaw was pretty serious such as storing the master password in plain text. Many of the apps fail to account for the possibility of clipboard sniffing, where the password is stored in memory so that it can be pasted into a password field. The Register has the full list of identified vulnerabilities. Not to worry though. The researchers notified each vendor and all of the discovered problems have been fixed, which is why you should make sure you have installed the latest patches if you are a user of any of the nine tested password managers.

E-mail: Phone: 703.359.0700
Digital Forensics/Information Security/Information Technology
http://www.linkedin.com/in/johnsimek
http://www.senseient.com