Password management apps are supposed to keep your numerous passwords safe and secure from hackers. In the past when passwords were hacked, the recommendation was to use a password manager to make sure that everything was in place.
But this may not be the safest way to keep passwords anymore. This past week, LastPass and Apple’s password managers were hacked, causing some major problems for users of both systems.
A Big Password Mess
Researchers recently discovered that it’s not terribly difficult to get apps listed in the Mac App Store - even if those apps are infected and exist for the sole purpose of stealing passwords. Apps built solely to steal passwords are already in the store, and those apps are great at stealing passwords from Apple’s password keychain. Some of the apps discovered can also break into other apps and steal passwords, and can learn how one app launches in order to extract data.
Apple was notified of these gaps in security nearly six months ago, but the company has done little to prevent additional apps from being accepted into the Mac App Store. Aside from the fact that the App Store isn’t terribly picky when it comes to accepting apps that are dangerous, the other problem here is that apps that are meant to keep passwords, like 1Password, can be hacked into by other apps, and data can be stolen. In short, password managers used through the Mac App Store are no longer safe.
Additional Password Management App Hacks
LastPass is, possibly, the best-known password manager out there. It’s also the password manager that tech experts recommend people use instead of making up passwords or trying to remember all of those passwords. So what happens when the password manager that is tried and tested and recommended gets hacked? Chaos happens. LastPass posted a message on its blog and to all users that the company’s database was breached.
Due to the database breach, account information for various user accounts was stolen. However, this does not mean that your password was necessarily stolen. Even though the database was hacked, the company still has enough layers of security in place to prevent hackers from stealing individual passwords - mostly because a hacker would have to guess at the various layers of questions and answers people using LastPass have to set up in order to use the app. However, this is not good news for a password manager that’s supposed to be secure.
Keeping Your Passwords Safe
What can you do if you use a password manager that has now been hacked? Well, first find out if your information was truly stolen (just because a company’s database has been breached doesn’t mean that your passwords were taken). Then, look for a password manager that has multiple layers of protection.
Clearly, password managers aren’t safe from hackers, but if you find one that has enough security measures, hackers won’t be able to guess at your password even if a database has been hacked. Otherwise, keeping a handwritten list of passwords might be your best option against having your passwords stolen.