Have you always wondered about using that online password management system that you keep seeing advertised on websites you visit? Or do you already use a web-based online password manager account to store all of the complicated passwords that you would otherwise have to remember? I have always been very leery of using such a system for managing my trusted account passwords.
Well, millions of users have trusted these online web-based password manager systems with their passwords. Unfortunately, web-based password managers have recently been discovered to be very vulnerable to cyber-attacks. One out of five online web-based password management systems has been found to be insecure. The vulnerabilities would allow bad actors access to your online credentials.
In the business world today, as well as for personal accounts, many people have been advised to use password managers to make password management easier. Some of these products are susceptible to the vulnerabilities discussed here. Four web-based password management sites were recently examined by security researchers, who determined that the sites had plenty of critical flaws. The researchers believe that it is only a matter of time before bad actors are able to exploit these vulnerabilities. The bad actors would be able to steal all of a user's passwords at one time. Researchers used programs such as The Automated Validation of Internet Security Protocols and Applications (The AVISPA Project) to track and analyze the encryption once a password has been retrieved and used for encrypting a message and accessing accounts.
One of the major problems is that the web-based password management system uses the cloud as the secure storage medium for your passwords. Unfortunately, cloud-based storage from these password management sites opens holes that bad actors can exploit. The vulnerabilities exist in the use of one-time-use passwords, bookmarklets and shared passwords.
Another problem with the discovered vulnerabilities of password management systems is that most of the security models are disorganized and/or quite often misunderstood by the developers once the password management system has been established. Therefore, once you use an online password management system, you place your accounts and credentials in a database that has a single point of failure. It is like losing your key without having a possible replacement. As a result, a user's failure to vet their online web-based password management system could have dire consequences.
Document: The Emperor’s New Password Manager: Security Analysis of Web-based Password Managers