Flaws in password managers could have exposed credentials

Scorpus

TechSpot Staff
Staff member
If you thought that using a software-based password manager was a safe way to remember complex, secure passwords without them being stolen, you might want to think again.

Read more: https://www.techspot.com/news/57408-flaws-in-password-managers-could-have-exposed-credentials.html
 

misor

TS Evangelist
I think my password "n0passw0rd1234567890" is still safe since I don't use any password manager. :)

Seriously, I keep on changing my passwords so much that I tend to forget them. For my Microsoft accounts this year alone, I think I already changed passwords like 7x each account.
 

davislane1

This is why, if you need to use a manager, it should be local. Although the chances of being compromised by an attack are low, they are even smaller if the target is exceedingly small (your machine rather than corporate servers).
 

Mieksr

TS Enthusiast
It isn't an online based dictionary so that's a start. Still... if a hacker gets a hold of the file, they can attempt to decrypt offline.
I usually save my KeePass file on a TrueCrypt volume. But from what I've read, TrueCrypt isn't safe anymore.
 

Capaill

TS Evangelist
I keep my passwords in a local text file encrypted with AxCrypt. Makes it a bit of a pain when I'm away from the computer and forget a password. But feels safer than trusting an online site with my passwords.
 

Guest

When I had to choose a Password Manager for myself I chose KeePass precisely because it's offline.
How many times do we have to say it? NEVER TRUST THE CLOUD
 

Nima304

TS Evangelist
> It isn't an online based dictionary so that's a start. Still... if a hacker gets a hold of the file, they can attempt to decrypt offline.
> I usually save my KeePass file on a TrueCrypt volume. But from what I've read, TrueCrypt isn't safe anymore.

That's another conversation entirely, and I disagree that TrueCrypt isn't secure, even though the developers now claim it is.

Anyway, if I had so many passwords that I needed to store them, a text file in an encrypted TrueCrypt volume (768-bit cascading encryption, SHA-512 hash) is what I'd use. I advise everyone against using an online service to store your password, as it adds hassle and sometimes costs money, but more importantly, employs so many attackable mechanisms that you're sometimes more secure simply using a less complex password that you can remember.
 

Jad Chaar

Elite Techno Geek
I use 1Password and it is phenomenal. The apps are really expensive but the software and the support are great. 1Password is a local password manager (based on your PC rather than on the web) so I don't think all the flaws apply to it. That said though, there is always a risk in storing passwords on a machine.
 

Guest

KeePass is a pain in the *** to use, but with LastPass you can be 100% sure all your passwords go straight to the NSA database.
 

misor

TS Evangelist
"passwords and encryption are irrelevant. I am a machine.", says a Microsoft botnet who reads an employee email.
 

Guest

All of your comments are excellent. But who cares what you do if the servers you visit just give them out. hahahaha. So many stupid people. Let me guess, your password reset is your puppy's name hahaha. Or your favorite movie. Here is a kicker for you. For added security my favorite movie is my favorite puppy, but the guy on the phone told me that I can not do that. Can you believe this, he tells me I can not do it but yet he lets me reset my mom's password. hahaahha. Such an I D I O T.