Communications of the ACM

ACM TechNews

Researchers Expose Vulnerabilities of Password Managers


Researchers at the University of York in the U.K. have demonstrated that some commercial password managers may not completely protect users.

The team created a malicious app to impersonate a legitimate Google app and was able to fool two out of the five password managers it tested into revealing a password.

Some of the password managers tested used weak criteria for identifying an app and for deciding which username and password to suggest for autofill; others did not limit the number of times a master PIN or password could be entered.

York's Siamak Shahandashti said the researchers suggest password managers “need to apply stricter matching criteria that is not merely based on an app's purported package name.”

From University of York (U.K.)

 

Abstracts Copyright © 2020 SmithBucklin, Washington, DC, USA


 
