Memorizing an N number of passwords (N representing your different passwords) proved to be a burden and hectic task to achieve. This fact is one of the biggest reasons behind the fact that many of us today uses some sort of a password vault software, locally on their machine or cloud based, to store and secure our long list of credentials to our digital life.
LastPass is one of the many password managers which enable us to safeguard our digital keys, and secrets. The basic idea is that you don’t have to remember every password (assuming you have complex passwords and different ones for each account) for every online/offline account you have, you store it in LastPass or the similar and it will do the job for you by filling the fields when you need to login to that website/account again.
The Vault can be Cracked
Lately Martin Vigo and Alberto Garcia Illera two of Salesforce security engineers presented in a blog post how LastPass authentication mechanism can be fooled and bypassed to steal login credentials. Their research showed some design flows which led to those vulnerabilities.
The engineers informed LassPass of their findings and the latter directly fixed the problems found, yet Vigo stated that he believes as LastPass can be cracked, other password managers most likely have similar results.
So What Now?
Should we stop using password managers?
Well clearly the answer is a clear No, since such vulnerabilities are quickly uncovered and fixed before being widely exploited. Now as a rule of thumb, keep changing your passwords occasionally, don’t keep them the same for a long time relying on the fact that they are stored in a password manager. In addition to that, as an alternative to cloud based password managers, you can use managers which encrypts and store the passwords on your local machine such as KeePass.