top of page

Password managers are supposed to keep you safe....

Are you a big fan of passwords? Long complex and complicated?

Naaa ...I didn’t 't think so! neither are we!

We’re big advocates of password managers here at NSC42; in fact, many cybersecurity professionals are, as it’s the easiest way to get users, who usually use password123, a more safe and secure life.

So, what happens when what should be one of the safest spaces in the web is found to contain security flaws?

LastPass is one of the most popular password management solutions on the market, with more than 16 million users, including 58,000 businesses, so the news a vulnerability has been discovered is a real cause for concern.

The issue, which made it possible for websites to steal credentials for the last account the user logged into using chrome or opera extensions, was discovered by Google Project Zero analyst Tavis Ormandy.

In a tweet posted on September 16, he said: “LastPass could leak the last used credentials due to a cache not being updated,” adding “this was because you can bypass the tab credential cache being populated by including the login form in an unexpected way!”

The vulnerability was discovered last month, but it was only made public on Sunday but the good news is it has already been patched and comprehensively verified with Project Zero.

In a statement Ferenc Kun, the security engineering manager for LastPass at LogMeIn, which owns LastPass, said: “To exploit this bug, a series of actions would need to be taken by a LastPass user including filling a password with the LastPass icon, then visiting a compromised or malicious site and finally being tricked into clicking on the page several times.

"Any potential exposure due to the bug was limited to specific browsers (Chrome and Opera.)

“We have now resolved this bug; no user action is required and your LastPass browser extension will update automatically.”

While there is an obvious concern about the security of such apps, the positives far outweigh the negatives. There is a far bigger risk of your accounts getting compromised by using poor passwords, than this happening again.

The problem is though, that when a situation like this occurs, the end result can be catastrophic. The average adult has 31 online accounts, which all require passwords, which is why so many of us have been known to use the same one more than once – yes even me!

If you’re still concerned following this latest vulnerability then you can increase your security levels by making sure you use multi-factor authentication.

144 views0 comments


bottom of page