The best password managers are designed to keep the dozens or hundreds of passwords you have safeguarded behind one critical password that you need to remember, so a flaw that gives up that primary password is about as bad as things can get.
That is precisely the situation users of the popular password manager KeePass currently face: a security researcher has uncovered an exploit that could allow a hacker to obtain a victim’s master password in plaintext, potentially giving them access to the victim’s entire library of passwords (via TheHackerNews).
The one caveat to this exploit is that it requires the hacker to have already compromised the victim’s laptop or desktop, but once that condition is met this is about the worst-case scenario, as it gives the hacker access to every service or account stored in your password manager.
KeePass has acknowledged the flaw and is hoping to address it with a version 2.54 update that is expected to come in early June. KeePass further asserts that the “password database is not intended to be secure against an attacker who has that level of access to the local PC.” Regardless of whether you find that credible or not, the fact that it is looking to address it with an update as soon as possible at least indicates that it doesn’t find the behavior acceptable.
How to protect your KeePass passwords
If you are running one of the best antivirus apps, it should help ensure that your system isn’t already infected, which again is a necessary step for a hacker to use this KeePass exploit. The exploit also requires that you type the password on your keyboard, so pasting it in from the clipboard would also avoid the problem.
Failing that, you still have another potential defense if you are using two-factor authentication (2FA) with KeePass. With 2FA enabled, even if a hacker has your master password they would be unable to access your KeePass passwords, as the second factor will be something only you have, whether it’s a physical key like a YubiKey or an authenticator app.
More and more services are requiring 2FA and we strongly recommend using it wherever possible to help ensure you and your accounts remain safe and secure online.