|
Title: Some password-manager apps that store data centrally get it right Post by: HCK on April 19, 2017, 04:05:13 pm Some password-manager apps that store data centrally get it right
<article> <section class="page"> <p>LastPass has been in the news a number of times in the last few years, and not in a good way. The firm makes password-management software for multiple platforms, synced through their central servers. In mid-2015, thieves copied its main password database (http://www.macworld.com/article/2936663/lastpass-was-hacked-heres-what-you-have-to-do.html), but because of good password storage design, the likelihood is that no users had any data extracted. In January 2016, a researcher found a user-interface spoofing bug (http://www.macworld.com/article/3025487/security/lastpass-fixes-some-browser-based-impersonation-weaknesses.html), since fixed. In mid 2016, another researcher figured out how to fool LastPass (https://labs.detectify.com/2016/07/27/how-i-made-lastpass-give-me-all-your-passwords/) with an autofill operation (fixed) and another reported a phishing vulnerability (https://blog.lastpass.com/2016/07/lastpass-security-updates.html/) (also fixed). Then a few weeks ago, another found browser-based extension vulnerabilities (http://www.pcworld.com/article/3185731/security/lastpass-is-scrambling-to-fix-another-serious-vulnerability.html) (also fixed, except for one older client, being retired).</p><p class="jumpTag"><a href="/article/3188288/security/some-password-manager-apps-that-store-data-centrally-get-it-right.html#jump">To read this article in full or to leave a comment, please click here[/url]</p></section></article> Source: Some password-manager apps that store data centrally get it right (http://www.macworld.com/article/3188288/security/some-password-manager-apps-that-store-data-centrally-get-it-right.html#tk.rss_all) |