MacResource My Category Tips and Deals v
Password Managers vulnerable to severe attacks/hacks

Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Threaded Mode
Password Managers vulnerable to severe attacks/hacks
pinkoos Offline
Unregistered
Posts: 9,619
Threads: 2,980
Joined: May 2025
#1
07-14-2014, 05:53 PM
Interesting Ars article:

http://arstechnica.com/security/2014/07/...-en-masse/

LastPass and a few others were named as vulnerable by the researchers. I didn't read the research paper so I don't know if 1Password was vulnerable as well, though I would think Ars would have mentioned it if it was.

I recently switched from LastPass to 1Password when they were having their huge sale and based on the recommendations of many here, particularly Robert M.
Find
Reply
N-OS X-tasy! Offline
Unregistered
Posts: 28,821
Threads: 209
Joined: May 2025
#2
07-14-2014, 06:01 PM
The article specifies that the vulnerability pertains to Web-based password managers. The fact that 1Password is not Web-based, combined with the fact that it is not specifically mentioned in the article, leads me to believe its security has not been compromised by this vulnerability.
Find
Reply
Robert M Offline
Posting Freak
*****
Posts: 18,006
Threads: 637
Joined: May 2025
Reputation: 2
#3
07-14-2014, 06:01 PM
Pinkoos,

Apparently, the topic of the study was web-based password managers like LastPass. 1Password, from my understanding, is not web-based. So, it may not suffer from the vulnerabilities. Then again, that might not be the case if you use the browser extensions. Agilebits should respond to the article to confirm whether or not 1Password suffers from vulnerabilities. This reaffirms one of the reasons why I've never been a fan web-based password managers.

Robert
Find
Reply
pinkoos Offline
Unregistered
Posts: 9,619
Threads: 2,980
Joined: May 2025
#4
07-14-2014, 06:04 PM
Ah, that's a good point that I had glossed over - yes, I don't think 1Password is web-based. It's local, right?
Find
Reply
Robert M Offline
Posting Freak
*****
Posts: 18,006
Threads: 637
Joined: May 2025
Reputation: 2
#5
07-14-2014, 06:06 PM
Pinkoos,

Yes. I'm 100% positive 1Password is local. But, the 1Password data file can be stored on a cloud service like Dropbox. But, it's encrypted. SO, that's not an issue. I'd be concerned about the browser extensions, though. They could very well be vulnerable. That's why I'd like to see AgileBits respond to the article.

Robert
Find
Reply
Black Offline
Still trying to go broke saving money
*****
Posts: 41,910
Threads: 3,655
Joined: May 2025
Reputation: 8
#6
07-14-2014, 09:13 PM
So password managers don't just seem like a bad idea, they actually are a bad idea?
Find
Reply
Robert M Offline
Posting Freak
*****
Posts: 18,006
Threads: 637
Joined: May 2025
Reputation: 2
#7
07-14-2014, 09:18 PM
Black,

No. Most of the companies behind the systems that were compromised already fixed them. One apparently didn't respond to the notification about the vulnerability. That and 1Password and other password managers may not be affected by the problems at all.

Robert
Find
Reply
modelamac Offline
Posting Freak
*****
Posts: 6,487
Threads: 54
Joined: May 2025
Reputation: 0
#8
07-14-2014, 09:50 PM
Black wrote:
So password managers don't just seem like a bad idea, they actually are a bad idea?

Not true. It does not follow that if web-based password managers have a weakness, that all password managers have a weakness.
Find
Reply
sekker Offline
Posting Freak
*****
Posts: 33,855
Threads: 2,463
Joined: Apr 2025
Reputation: 0
#9
07-14-2014, 11:04 PM
Black wrote:
So password managers don't just seem like a bad idea, they actually are a bad idea?

I think even vulnerable password managers are better than the way most people work - sticky notes or simple passwords!

At the same time, I use 1password myself.
Find
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)