If you’ve followed us for very long, you know we think password managers are a smart move. Rather than reusing passwords among sites, or picking terribly simple passwords, or writing them down, allowing a password manager to generate and store your passwords and passphrases is a win.
This week, however, LastPass has been in the news, and it hasn’t been good. It seems Tavis Ormandy, security researcher at Google and crusher of software developers everywhere, discovered several security holes in LastPass’s software and extensions for Chrome and Firefox. The bugs ranged from leaking security credentials to remote code execution. Remote code execution means Tavis could execute an application (in his example, calc.exe) on your computer by exploiting the flaw.
The bugs and their fixes are detailed in a blog post LastPass posted on March 22, 2017. You can view it here.
The bugs did not affect mobile clients, only desktop extensions.
Here’s the bottom line: Go to LastPass’s web site and download (and execute) the updates for their software.
Here’s the P.S. at the end: We still think password managers are smarter than managing passwords manually. We still think LastPass is a great password manager. No software is – or ever will be – perfect. LastPass was responsive in handling the bugs. That’s the most you can hope for.
Does this make you less willing to use a password manager? Are you considering switching to another? What password manager do you use?
Leave a comment below.