Researchers Find Security Issues with Several Password Manager Apps
With so many people’s educational, financial, and social lives tied to the online world, passwords have become as important as the keys to your personal safe, car, house, etc. As we integrate more of our daily lives into the online space, it becomes harder for people not only to keep their passwords complex and secure, but simply to remember them. This has resulted in many people using the same password across multiple websites and services, which can have devastating results, as we’ve learned from the many online breaches these past few months.
Services called password managers started to become popular because they took a lot of the responsibility of remembering passwords off our shoulders. Not only did they allow us to create unique, complex passwords for each individual service, but they also made it easier to access those passwords across different platforms. Security for anything, though, is only as strong as the weakest link in the chain. If you use Android applications to manage your passwords, then you would expect that the only real danger of getting hacked comes down to how strong you’ve made your passwords. While there has been the occasional security breach, generally few people expect that their password manager itself would be vulnerable to hacking.
However, that’s exactly what researchers at TeamSIK found. The team recently published a report that gives us a look at how insecure some password manager applications are. A list of the top 9 password manager applications that can be downloaded from the Play Store was gathered, and a security audit of all of these applications was performed, which found at least one security issue with each of them. The list of applications tested includes:
- Informaticore Password Manager
- LastPass Password Manager
- Keeper Passwort-Manager
- F-Secure KEY Password Manager
- Dashlane Password Manager
- Hide Pictures Keep Safe Vault
- Avast Passwords
- 1Password – Password Manager
Some of these apps, like Informaticore Password Manager, had only one security issue discovered in this audit, while others, such as Avast Passwords and 1Password – Password Manager, had as many as 5 or 6. While many of these services claim to be “bank-level” or “military-grade” secure, some aren’t as secure as one would hope. Thankfully, as of March 1st 2017, all of these disclosed vulnerabilities have been patched by the vendors.
But it’s still on you to be aware that while password managers are generally better at safeguarding your passwords than your memory, some might not be as secure as they claim to be. As our own Daniel Marchena recommends, you may want to look into KeePass, as it is an open source solution that keeps your passwords stored locally instead of on a company’s servers.