Security News
A vulnerability in the Kaspersky Password Manager resulted in the created passwords being weak enough to allow an attacker to brute-force them in seconds, a security researcher claims. Developed by Russian security firm Kaspersky, the Kaspersky Password Manager allows users not only to securely store passwords and documents, but also to generate passwords when needed.
Last year, Kaspersky Password Manager users got an alert telling them to update their weaker passwords. Three months later, a team from security consultancy Donjon found that KPM didn't manage either task particularly well - the software used a pseudo-random number generator that was insufficiently random to create strong passwords.
The password generator included in Kaspersky Password Manager had several problems. All the passwords it created could be bruteforced in seconds.
Jack Wallen installed 1Password on Linux and found it to be a fantastic solution for password management. Follow his tutorial on how to get this proprietary solution installed on your open source OS. This is a tricky proposition for some-an official 1Password client has been released for Linux.
Click Studios, the Australian software company behind the Passwordstate password management application, has notified customers to reset their passwords following a supply chain attack. "Manual Upgrades of Passwordstate are not compromised. Affected customers password records may have been harvested."
Click Studios, the company behind the Passwordstate enterprise password manager, notified customers that attackers compromised the app's update mechanism to deliver malware in a supply-chain attack after breaching its networks. Passwordstate is an on-premises password management solution used by over 370,000 security and IT professionals at 29,000 companies worldwide, as the company claims.
With the free version of LastPass now limiting where you can sync your passwords, here are a few other options. LastPass has typically gotten kudos as an effective password manager.
The free version of LastPass - which people use to store passwords, notes, credit card details and so on - currently works across devices; a single login will give you access to all the associated data. From March 16, users will be required to choose which "Active device type" they want to use for the free service.
Here's our latest Naked Security Live talk, where we answer the thorny question, "What if my password manager gets hacked?". We often recommend password managers, as we did last week in our article Cybersecurity tips for university students.
If you already use Dropbox, then you may want to take the new Dropbox password manager for a spin. To import your saved passwords from another source, click the Try It button and select either your browser or another password manager.