Researchers at the University of York in the U.K. have demonstrated that some commercial password managers may not completely protect users.
The team created a malicious app to impersonate a legitimate Google app and was able to fool two out of the five password managers it tested into revealing a password.
Some of the password managers tested used weak criteria to identify an app and to decide which username and password to suggest for autofill; others did not limit the number of times a master PIN or password could be entered.
York's Siamak Shahandashti said the researchers suggest password managers “need to apply stricter matching criteria that is not merely based on an app's purported package name.”
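The matching weakness described above, as an added example that is not from the article or the researchers: a vault lookup keyed on the package name alone, next to one that also requires a pinned signing-certificate digest. The second criterion is an assumption chosen for illustration (the article does not name one), and all names and data are constructed.

```python
import hashlib
import hmac
from dataclasses import dataclass

@dataclass(frozen=True)
class AppIdentity:
    package_name: str   # self-declared by the app, hence "purported"
    signing_cert: bytes  # certificate the installed app was signed with

@dataclass(frozen=True)
class VaultEntry:
    package_name: str
    cert_sha256: str     # digest pinned when the credential was saved
    username: str

def cert_digest(cert: bytes) -> str:
    return hashlib.sha256(cert).hexdigest()

def match_by_name_only(vault, app):
    """Weak criterion: trusts the package name alone."""
    return [e for e in vault if e.package_name == app.package_name]

def match_strict(vault, app):
    """Stricter criterion (assumed): package name AND pinned cert digest."""
    digest = cert_digest(app.signing_cert)
    return [e for e in vault
            if e.package_name == app.package_name
            and hmac.compare_digest(e.cert_sha256, digest)]

# Constructed sample data: package name and certificate bytes are made up.
GENUINE = AppIdentity("com.example.mail", b"constructed-genuine-cert")
LOOKALIKE = AppIdentity("com.example.mail", b"constructed-other-cert")
VAULT = [VaultEntry("com.example.mail",
                    cert_digest(GENUINE.signing_cert), "alice")]

if __name__ == "__main__":
    for label, app in (("genuine", GENUINE), ("lookalike", LOOKALIKE)):
        print(label,
              "name-only:", [e.username for e in match_by_name_only(VAULT, app)],
              "strict:", [e.username for e in match_strict(VAULT, app)])
```

With name-only matching, both apps are offered the saved entry; with the stricter check, only the app whose certificate digest matches the pinned value is.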
From University of York (U.K.)
Abstracts Copyright © 2020 SmithBucklin, Washington, DC, USA