Is it time to start rethinking password managers?
Following several cyberattacks in recent months, password managers have come under scrutiny over how safe and secure they truly keep your private data.
CyberSecurity Dive reported that the recent breach of Passwordstate, an Australian password manager, which followed the mega attack on SolarWinds in December, could raise questions about the trust and security that password managers claim to provide.
In the latest attack on Passwordstate, malware was installed during a software update, which allowed attackers to “exfiltrate computer system data, passwords and other information.” While Passwordstate isn’t as popular as other brands, the report says it has tens of thousands of customers worldwide, including members of Fortune 500 companies.
The SolarWinds attack is a different story. Microsoft president Brad Smith called the attack one of the “largest and most sophisticated” ever after a hacking campaign used a US tech company to pull data from US government agencies. The attack, which was discovered in December, was likely at the hands of Russian hackers, Reuters reported.
Hackers were able to access emails at the US Treasury, Justice and Commerce departments, and SolarWinds told the SEC that up to 18,000 customers had installed the update, leaving them vulnerable. Like Passwordstate, SolarWinds’ clients include Fortune 500 companies.
Most workplaces use password managers to organize shared information that can be used by multiple people. It can be a neat and organized approach to keep everything under one roof. Even at home, it can help safeguard your information and encourage frequent password changes to keep it out of the wrong hands.
CyberSecurity Dive said, citing research, that more than 80% of security breaches are caused by weak or reused passwords. The typical password can be guessed by a computer in less than an hour. Additionally, 60% of users reuse their passwords across multiple platforms. Do the math; it leaves you vulnerable.
So what can you do? Take this advice, via the report:
When looking for a password management application, companies need to look for a vendor that has a track record of being proactive about security, being responsive to customers in terms of providing transparency, and also using the best available technology and best practices when it comes to how they manage the product.