I’ve written before about the dangers of trusting a password manager to keep your passwords and the online accounts they correspond to secure.
Well, here’s yet another example that illustrates why I believe password managers are inherently risky.
One of the researchers with Google’s Project Zero has discovered and reported a very serious security flaw in one of the browser extensions that supports the popular LastPass password manager service.
According to the Google researcher, this flaw could potentially allow a hacker to insert malicious code into the flawed browser extension and steal your passwords – the very thing a password manager is supposed to prevent.
The folks at LastPass have acknowledged that the flaw in their software exists, but they are reporting that it has now been patched.
That’s good news for current LastPass users, but the fact that these flaws keep popping up doesn’t bode well for the future of password manager services in general.
Luckily, this flaw was found by one of the good guys instead of a malicious hacker, but the next one might not be.
If there was ever a category of software that needs to be absolutely, 100% secure, it’s password managers. And as this security flaw and the ones that preceded it prove, that simply isn’t the case.
As I’ve said before, trust your passwords to a password manager at your own peril.
In my opinion, it’s best to simply choose a password that’s secure yet easy to remember, and enable two-factor authentication on every one of your accounts that supports it.
Bottom line: I still don’t recommend that you entrust the passwords that control access to your digital and financial lives to a password manager service. And I never will.