Flaws Discovered in Popular Password Managers, Report Claims

An analysis of multiple top password manager products has revealed vulnerabilities in the tools they use that could potentially put the security of user's credentials at risk, according to Independent Security Evaluators (ISE). A new study, Under the Hood of Secrets Management, found that a variety of different password managers, including 1Password and LastPass, have fundamental flaws. "One hundred percent of the products that ISE analyzed failed to provide the security to safeguard a user’s passwords as advertised,” said ISE CEO Stephen Bono in a press release. “Although password managers provide some utility for storing login/passwords and limit password reuse, these applications are a vulnerable target for the mass collection of this data through malicious hacking campaigns.” Security weaknesses were also found in the Dashlane and KeePass password managers, which came to light after ISE researchers reportedly examined the underlying functionality of these products on Windows 10 to understand how users’ secrets are stored even when the password manager is locked.