• Latest
  • All
  • How To
Password

Your Password Manager Is Vulnerable. Here’s Why You Shouldn’t Be Panicking

April 18, 2022
kenya-parliament

Parliament Invites Public Feedback on Virtual Asset Bill 2025

May 30, 2025
ConnectedAfrica2025(Day4)-meta-foondamate

Connected Africa 2025 Day 4: FoondaMate and Meta Team Up to Bring AI to Classrooms

May 29, 2025
google-veo-3

Actors and Film Crews Are Worried About Veo 3 Taking Their Jobs

May 29, 2025
iOS 26

Apple Plans Big Rename for iOS and macOS at WWDC 2025

May 29, 2025
DHgate Tablet Cases deals
University student fined for defamatory Facebook posts

University Student Fined KES 7.5 Million for Defamatory Facebook Posts

May 29, 2025
AI Africa policies database

New Platform Brings All African AI Policies Under One Database

May 28, 2025
POATE 2025

Kenya’s Tourism Sector Grows as Travel Gets Easier Across East Africa

May 28, 2025
sodium-ion battery

Researchers Develop Sodium-Ion Battery That Charges to 80% in 6 Minutes

May 27, 2025
TV Gambling Ads

Regulator Fines Stations Using Religious Shows to Push Gambling

May 27, 2025
Connected Africa Summit 2025

Connected Africa 2025 Day 2: Focus on Digital Inclusion & Cybersecurity

May 27, 2025
whatsapp chatbots

iPad Users May Finally Get a Native WhatsApp App

May 28, 2025
Connected Africa Summit

Connected Africa Summit Calls for Unified Tech Vision

May 28, 2025
Techweez | Tech News, Reviews, Deals, Tips and How To
  • News
  • Entertainment
  • Reviews
  • Features
  • Editorial
No Result
View All Result
Techweez | Tech News, Reviews, Deals, Tips and How To
  • News
  • Entertainment
  • Reviews
  • Features
  • Editorial
No Result
View All Result
Techweez | Tech News, Reviews, Deals, Tips and How To
No Result
View All Result

Your Password Manager Is Vulnerable. Here’s Why You Shouldn’t Be Panicking

George Kamau by George Kamau
April 18, 2022
in News
Reading Time: 4 mins read
253
5
Password
Password

Most popular password managers are flawed. This is according to a new report published yesterday that found people who used password managers are vulnerable to malware attacks. The audit, done by Independent Security Evaluators, revealed that the Windows 10 apps of LastPass, RoboForm, 1Password, KeePass and Dashlane had security flaws that put users in harm’s way. (Mac and mobile users can also be affected)

What’s the flaw?

The password managers had vulnerabilities that left passwords exposed in your computer’s memory and this includes your master password or individual credentials stored by the password managers – all because of a broken locked mode these apps have. This makes it easier for hackers to get your entire login credentials right from your computer’s RAM.

This flaw is caused by insecure memory management and only works after a user opens their password manager and logs in with their master password. The password managers try to erase the passwords from memory but residual buffers still hold on to them caused mostly by memory leaks, lost memory references and complex graphic user interface frameworks that didn’t expose internal memory management mechanisms to clean up the passwords.

You are safe as long as the app is not running since passwords stored in your disk are at least safe.

No need to panic, yet?

Some password managers have already fixed this flaw such as LastPass and RoboForm are working to issue updates later this week. Dashlane is also working on fixing despite having higher priority security concerns.

However, KeePass and 1Password blatantly disregarded this issue citing it as an accepted risk and a known limitation with Windows.

Also worth noting is that the latest version of 1Password is more vulnerable to this type of attack as the new version isn’t better at protecting your password since it loads all your passwords to the computer’s memory in plain text format when you typed in your master password.

This is a wakeup call to switch up your password manager to one that takes user’s security seriously.

At the moment, there has been no evidence that hackers have started targeting users but we don’t know for sure, how long this will last.

Here’s why you shouldn’t stay up all night worried.

For this vulnerability to be taken advantage of, a hacker would have to be physically at your computer or deceive you to install malware that takes over your computer. Also, hackers often go after mass attacks rather than target individual users unless you have more value. People with low regard for their securities such as reusing the same password for multiple sites are the most at risk as hackers refer to them as the low hanging fruits.

Should you still continue using password managers?

It’s a good thing that this flaw was discovered early on before targeted attacks by hackers began since password managers have been put on task to further strengthen their security.

Our devices are our weakest link between us and hackers, neither a password manager nor any software will help you once they become compromised. You just need to be better at protecting yourself by practising strong security measures to make yourself less prone to these attacks.

Yes, you should still continue using password managers especially ones that take this task seriously. It’s risky putting all your credential in one place but this is better than having to reuse them on sites you frequently visit just for the convenience or completely going off-grid, which is impossible for some of us.

Password manager companies encrypt your data and don’t store your master password at their servers so even in an event of a breach; hackers will only get access to mumbo-jumbo of data. You’ll have to be picky when choosing a password manager and choose a UNIQUE master password.

The major take away from this is that being safe online is not about being unhackable, it’s that don’t be the low hanging fruit that hackers often target.

Our top pick for password manager apps is Dashlane. Another runner-up is LastPass.

Beyond storing your passwords, these password manager apps go through your passwords to see which ones are secure and which ones are not and alert you on ones that have already been leaked or reused.

Another extra step to be secure online is setting up 2-factor authentication, popularly known as 2FA, especially on sites that give you that option.

Stay Safe.

Tags: LastPass
SendShare146Tweet92
George Kamau

George Kamau

I brunch on consumer tech | [email protected]

Related Posts

Password Managers Now Are Being Compromised as LastPass Reports Hack

Password Managers Now Are Being Compromised as LastPass Reports Hack

December 24, 2022
Signal App

Privacy Changes You Need to Make Right Now

April 18, 2022
Signal vs Telegram vs WhatsApp

Privacy Apps You Should Download Right Now

March 22, 2021
Huawei Mate 20 Pro

Security Checklist for Your Android Smartphone

April 18, 2022
Lastpass is Finally Free on Mobile but There is a Catch

One No Longer Needs a Premium Subscription to Use LastPass on Multiple Devices

November 3, 2016
Lastpass is Finally Free on Mobile but There is a Catch

Lastpass is Finally Free on Mobile but There is a Catch

August 11, 2015

Latest

kenya-parliament

Parliament Invites Public Feedback on Virtual Asset Bill 2025

May 30, 2025
ConnectedAfrica2025(Day4)-meta-foondamate

Connected Africa 2025 Day 4: FoondaMate and Meta Team Up to Bring AI to Classrooms

May 29, 2025
google-veo-3

Actors and Film Crews Are Worried About Veo 3 Taking Their Jobs

May 29, 2025
iOS 26

Apple Plans Big Rename for iOS and macOS at WWDC 2025

May 29, 2025
University student fined for defamatory Facebook posts

University Student Fined KES 7.5 Million for Defamatory Facebook Posts

May 29, 2025
AI Africa policies database

New Platform Brings All African AI Policies Under One Database

May 28, 2025

Best devices

budget smartwatches 2025

Best Budget Smartwatches To Buy in Kenya 2025

February 13, 2025

Best Infinix Smartphones To Buy in Kenya 2024

February 13, 2025

Best Laptops for Battery Life in 2024

August 21, 2024

Best “Battery Warrior” Smartphones To Buy in 2024

August 22, 2024

Parliament Invites Public Feedback on Virtual Asset Bill 2025

May 30, 2025

Connected Africa 2025 Day 4: FoondaMate and Meta Team Up to Bring AI to Classrooms

May 29, 2025

Techweez is a fast growing influential source of technology news, reviews and analysis by leading tech geeks in the industry.

Follow Us

Editorials

Actors and Film Crews Are Worried About Veo 3 Taking Their Jobs

Samsung QLED TVs Now Officially Certified for Real Quantum Dot Technology

Trump’s Tariffs Will Be the End of Affordable Tech

5 Ways to Prep Your Tech for Resale

The Weaponization of PDFs: How Cybercriminals Are Exploiting a Trusted Format

Introducing A Brainbox Quiz: Techweez’s Monthly Trivia Night!

More News

Kenya’s Tourism Sector Grows as Travel Gets Easier Across East Africa

Researchers Develop Sodium-Ion Battery That Charges to 80% in 6 Minutes

Regulator Fines Stations Using Religious Shows to Push Gambling

Connected Africa 2025 Day 2: Focus on Digital Inclusion & Cybersecurity

iPad Users May Finally Get a Native WhatsApp App

Connected Africa Summit Calls for Unified Tech Vision

  • Terms Of Use
  • Techweez Brand
  • Privacy & Policy
  • Contact Us

© 2024 Techweez - Palahala Media Group may earn a commission when you buy through links on our sites.
A Palahala Media Group Brand. All rights reserved.
.

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Add New Playlist

Techweez | Tech News, Reviews, Deals, Tips and How To
Crunchy Cookies 🍪 Ahead!

Hey there! Just a heads-up: we're big fans of cookies - both the digital and edible kind! 🍪 We use our cookies and some from third parties to ensure your browsing experience on our site is smooth sailing and secure.

 

But wait, there's more! We also use cookies to gather stats and insights on how you navigate our site. It's like getting a behind-the-scenes peek at your digital adventures!

 

Don't worry, you're in control. You can adjust your cookie settings anytime to suit your preferences. Feeling curious? Dive into our Privacy Policy for all the juicy details. Happy browsing! 🚀

Functional Always active
Listen, this legal stuff is about as exciting as watching paint dry. But it basically says we only use your stuff for what you asked us to do, and nobody else gets to peek!
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
It's those sneaky cookie crumbs websites leave behind to count visitors, like counting ants at a picnic! Totally harmless, just for fun facts. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
Hey there! Just letting you know we use some fancy gizmos to remember your preferences. This way, we can show you ads that are, well, not completely bananas.
Manage options Manage services Manage {vendor_count} vendors Read more about these purposes
Make cookies
{title} {title} {title}
Techweez | Tech News, Reviews, Deals, Tips and How To
Crunchy Cookies 🍪 Ahead!
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
Listen, this legal stuff is about as exciting as watching paint dry. But it basically says we only use your stuff for what you asked us to do, and nobody else gets to peek!
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
It's those sneaky cookie crumbs websites leave behind to count visitors, like counting ants at a picnic! Totally harmless, just for fun facts. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
Hey there! Just letting you know we use some fancy gizmos to remember your preferences. This way, we can show you ads that are, well, not completely bananas.
Manage options Manage services Manage {vendor_count} vendors Read more about these purposes
Make cookies
{title} {title} {title}
No Result
View All Result
  • News
  • Reviews
  • Features
  • Editorial
  • Automotive
  • Entertainment

© 2024 Techweez - Palahala Media Group may earn a commission when you buy through links on our sites.
A Palahala Media Group Brand. All rights reserved.
.