2 min

Passwords have to be more and more complicated. All passwords for all sites where you have remembered an account is therefore very complicated. For this reason, experts almost always recommend the use of online password managers. But now it turns out that the most popular password managers have vulnerabilities that expose precisely those stored passwords to hackers.

This is shown by a report released by Independent Security Evaluators (ISE) last Tuesday. The report shows that the most popular online password managers – 1Password, Dashlane, KeePass and LastPass – all fail to store passwords properly. In one hundred percent of the products that ISE analyzed, it turned out that user password security was not in order, according to ISE CEO Stephen Bono.

Save Master Password

Although password managers can be used to store logins and passwords and restore password reuse, these apps are a vulnerable target for hackers who are massively trying to collect this data, Bono says. This is due to the way the password managers store passwords in the computer memory. This concerns both individual login details and the main password used to secure the apps.

In some cases, that master password, which provides insight into all stored account data, could be found as plaintext in the computer memory. In other cases, the researchers were able to retrieve the master password with some simple hacking work. This was not very complicated and proves that hackers with similar knowledge and experience can also easily find out the main passwords.

It remains very important to keep all the software on your computer up to date as much as possible. Almost all password managers studied by ISE have newer versions that may solve the vulnerabilities. Also, the master password must not be able to be guessed with gross force attacks. Due to the many requirements for passwords nowadays, it is still advisable to use a password manager. The risk of a hack is much higher if you use easy to guess passwords, or use the same password for multiple sites.

This news article was automatically translated from Dutch to give Techzine.eu a head start. All news articles after September 1, 2019 are written in native English and NOT translated. All our background stories are written in native English as well. For more information read our launch article.