Next to two-factor authentication, password managers are the most vital piece of everyday cyber-security that most people aren’t using. Fortunately, as cyber-security threats become more publicized, more users have turned to password managers. Some of the most popular password managers, 1Password, Dashlane, KeePass, and LastPass, are used by 60 million individuals and 93,000 businesses worldwide. Unfortunately, researchers have found security flaws in these password managers that, in certain situations, render them “no more secure than saving passwords in a text file.”
Not long ago, a team of ethical hackers with Independent Security Evaluators published a study identifying major security flaws in popular password managers. Password managers rely on a master password to access login credentials saved in the program. In the simplest terms, researchers were able to recover the master password from a PC’s memory. In some cases, the entire database of the password manager was saved in plain text.
This is alarming, but don’t start deleting your password manager just yet. Believe it or not, this study is good news for password managers and those who use them. It offers ways to boost our defenses when it comes to protecting login credentials. After the study came out, LastPass and RoboForm said they would issue updates within the week; Dashlane said it had previously documented the issue and was working on a fix but had higher-priority security concerns; KeePass and 1Password claimed it was a known limitation and accepted the risk.
There are some other strategies you should employ in addition to your password manager to keep your data safe.
• Subscribe to your password manager so you can turn on two-factor authentication. The free versions don’t include this.
• Use a passphrase for your password manager master password that has uppercase and lowercase letters, numbers, and symbols and is at least 8 characters (e.g., Lov3$ecurity).
• Stop your browsers from saving your passwords in the browser’s “free” vault.
• Turn on two-factor authentication whenever possible. We recommend Google Authenticator.
There is no silver bullet when it comes to cyber-security. Password managers aren’t perfect, but they are far better than relying on weak passwords or, even worse, reusing the same passwords again and again.
Looking for ways to better protect your passwords and data? We launched our Online Identity Security Service to help you. Check out the free demo at Demo.SklarTech.com and learn about the resources available to help you feel more secure online.
Thanks for reading,
Randy Sklar, CEO