1492
Moderator
Jul 15, 2014

Flaws Found in Popular Web-Based Password Managers

Major security flaws were found in some of the most popular, highly rated web-based password managers, including LastPass and RoboForm. This is according to researchers from the University of California in Berkeley. Most of the flaws have already been addressed, but it is unclear as to whether these flaws were exploited in the wild. I personally don't use cloud-based password managers.

Read the article at Flaws in password managers could have exposed credentials.
  • Here's a link to a PDF of the actual study.

    I have used LastPass for years so this is interesting. The 2 areas the researchers identified with vulnerabilities in LastPass were in the bookmarklet feature (using a JavaScript bookmarklet to enter username/password to the current site versus using the browser-specific extension) and in one-time passwords (OTP).

    I use neither of these features. The bookmarklet would be used for a browser that does not support extensions such as Safari or Chrome on a mobile device. Firefox and Chrome, the 2 I use, do not require the use of a bookmarklet on a desktop.

    The other area was when using OTP which I also don't use. I don't share access to my vault in this manner and doubt that it's a commonly used feature.

    We've talked a lot about security on this forum and the same issues exist with any password manager that exist for other security products - absent a full security audit whose results are made public we're reliant on the manufacturer's assurance of security.
