Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Hacking Password Managers
Threaded  |  Newest First  |  Oldest First
Kelly Jackson Higgins
50%
50%
Kelly Jackson Higgins,
User Rank: Strategist
7/14/2014 | 6:14:13 PM
trusting a password manager?
I've wanted to go with a password manager for a while now, but I am still not comfortable with the concept. Developments like this make me kind of glad I've held back. 

I'd love to hear what other folks think about the risks of a password manager. 
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
7/15/2014 | 9:14:53 AM
Re: trusting a password manager?
I tried a password manager once and then immediately forgo the password. #Dumbmistake
Kelly Jackson Higgins
50%
50%
Kelly Jackson Higgins,
User Rank: Strategist
7/15/2014 | 9:22:31 AM
Re: trusting a password manager?
I just worry about the pw manager service getting 0wned. I like keeping control, even if it's a pain in the neck.
anon9011498124
50%
50%
anon9011498124,
User Rank: Apprentice
9/16/2014 | 3:31:43 PM
Re: trusting a password manager?
Nice article. My advice to everyone is to use any password manager available which fits their needs and to use different and super strong passwords for every site they have an account on. Or maybe if their memories are that great that they can remember passwords like brKir7j&^@RC7&IK, they can use their brains and feel pain in the neck :)I have found a free version of Sticky Password some time ago and converted it to the paid version after using it for a couple of weeks. Used it ever since without problems. 
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
7/15/2014 | 9:54:13 AM
Re: trusting a password manager?
That is the problem Marilyn. You still need to keep a password in mind. We should just revamp this username/password and defining new ways of protecting ourselves. I do not know what it would be but I know username/password pair is not really working when ii comes to security or privacy.
Sara Peters
50%
50%
Sara Peters,
User Rank: Author
7/15/2014 | 9:41:10 AM
Re: trusting a password manager?
@Kelly  I feel the same way. I'd rather use my own brain. And for stuff that I don't use often that I feel like my husband might need to know, I stick it on my fridge. If someone breaks into my apartment, I'll have bigger problems. Well, at least, more problems.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
7/15/2014 | 9:51:38 AM
Re: trusting a password manager?
Agree. Maybe that or, find a way to remember the password per site easily. Such as remembering logo of the site and defining password that we can related to it. I just gave away my way of defining password :--))
Kelly Jackson Higgins
50%
50%
Kelly Jackson Higgins,
User Rank: Strategist
7/15/2014 | 9:52:47 AM
Re: trusting a password manager?
Ha! I hear ya. I have my secret cryptic cheat-sheet. It's lame, but it makes me feel somewhat in control. 
DAVIDINIL
50%
50%
DAVIDINIL,
User Rank: Apprentice
7/15/2014 | 9:58:38 AM
Re: trusting a password manager?
I am a bit nervous about using Roboform and Lastpass, but I find them to be essential.  I think I am less vulnerable by using a PW manager than I am using the same password for every website I use. 
Kelly Jackson Higgins
50%
50%
Kelly Jackson Higgins,
User Rank: Strategist
7/15/2014 | 10:01:39 AM
Re: trusting a password manager?
I have probably 100 different complex passwords, so remembering all of them is impossible. A pw manager is certainly tempting, but something keeps stopping me from putting my eggs in that basket. #paranoidsecurityjourno
DAVIDINIL
50%
50%
DAVIDINIL,
User Rank: Apprentice
7/15/2014 | 10:08:58 AM
Re: trusting a password manager?
Especially considering some sites, like Yahoo Mail, seem to want me to change my PW on a regular basis.  Enough already. 
andre.boysen
50%
50%
andre.boysen,
User Rank: Author
7/15/2014 | 12:08:07 PM
Re: trusting a password manager?
Password managers are a stop gap measure that makes the best of a bad design. Of all the methods users can employ to manage online life, they are the least of all evils if well used by a good provider.


Important is to move to a model without passwords as the primary security mechanism.

 

 
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
7/15/2014 | 9:49:08 AM
All the same
We have to assume that the apps that store or generate passwords have the same vulnerabilities as other regular applications. I do not use any apps for passwords, however it is getting overloaded I can tell, defining a different password per site, that is too much. :--))


Data Leak Week: Billions of Sensitive Files Exposed Online
Kelly Jackson Higgins, Executive Editor at Dark Reading,  12/10/2019
Intel Issues Fix for 'Plundervolt' SGX Flaw
Kelly Jackson Higgins, Executive Editor at Dark Reading,  12/11/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-5252
PUBLISHED: 2019-12-14
There is an improper authentication vulnerability in Huawei smartphones (Y9, Honor 8X, Honor 9 Lite, Honor 9i, Y6 Pro). The applock does not perform a sufficient authentication in a rare condition. Successful exploit could allow the attacker to use the application locked by applock in an instant.
CVE-2019-5235
PUBLISHED: 2019-12-14
Some Huawei smart phones have a null pointer dereference vulnerability. An attacker crafts specific packets and sends to the affected product to exploit this vulnerability. Successful exploitation may cause the affected phone to be abnormal.
CVE-2019-5264
PUBLISHED: 2019-12-13
There is an information disclosure vulnerability in certain Huawei smartphones (Mate 10;Mate 10 Pro;Honor V10;Changxiang 7S;P-smart;Changxiang 8 Plus;Y9 2018;Honor 9 Lite;Honor 9i;Mate 9). The software does not properly handle certain information of applications locked by applock in a rare condition...
CVE-2019-5277
PUBLISHED: 2019-12-13
Huawei CloudUSM-EUA V600R006C10;V600R019C00 have an information leak vulnerability. Due to improper configuration, the attacker may cause information leak by successful exploitation.
CVE-2019-5254
PUBLISHED: 2019-12-13
Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace AntiDDoS8000;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG6000V;eSpace U1981) have an out-of-bounds read vulnerability. An attacker who logs in to the board m...