Top password manager products have fundamental flaws that expose the data they are designed to protect, rendering them no more secure than saving passwords in a text file, according to a new study by researchers at Independent Security Evaluators (ISE).
“100 percent of the products that ISE analyzed failed to provide the security to safeguard a user’s passwords as advertised,” says ISE CEO Stephen Bono. “Although password managers provide some utility for storing login/passwords and limit password reuse, these applications are a vulnerable target for the mass collection of this data through malicious hacking campaigns.”
In the new report titled “Under the Hood of Secrets Management,” ISE researchers revealed serious weaknesses with top password managers: 1Password, Dashlane, KeePass and LastPass. ISE examined the underlying functionality of these products on Windows 10 to understand how users’ secrets are stored even when the password manager is locked. More than 60 million individuals 93,000 businesses worldwide rely on password managers. Click here for a copy of the report.
Password managers are marketed as a solution to eliminate the security risks of storing passwords or secrets for applications and browsers in plain text documents. Having previously examined these and other password managers, ISE researchers expected an improved level of security standards preventing malicious credential extraction. Instead ISE found just the opposite.
Click here to read the findings from the report.