
"The BSI, the German government agency focused on IT security, has issued a harsh verdict on some password managers. It examined ten of them and concluded that three are not secure enough. With Google Chrome, mSecure, and PassSecurium, vendors can theoretically access stored passwords. In any case, the use of a password manager is essential, according to the institute. The Bundesamt für Sicherheit in der Informationstechnik (BSI) conducted an extensive analysis in collaboration with the FZI Research Center for Information Technology."
"Five password managers do not allow providers to access the data: 1Password, Avira Password Manager, Keepass2Android, KeePassXC, and Mozilla Firefox Password Manager. 'If the password manager stores data in the cloud, users need to find out where the storage location is and the level of protection offered by the provider,' according to the BSI. The study also reveals other shortcomings. Only four of the ten tools examined use completely secure, correctly configured cryptographic algorithms in accordance with the BSI TR-02102-1 guideline."
The BSI analyzed ten password managers with the FZI Research Center and found that, for three of them, the provider can theoretically access stored passwords: Google Chrome Password Manager, mSecure Password Manager, and PassSecurium. For SecureSafe PasswordManager and S-Trust Password Manager, it could not be determined whether provider access is possible. Five tools prevent provider access: 1Password, Avira Password Manager, Keepass2Android, KeePassXC, and Mozilla Firefox Password Manager. Only four products used fully secure, correctly configured cryptographic algorithms per BSI TR-02102-1, and eight did not fully re-encrypt containers after a master-password change. Users should verify cloud storage locations and enable a separate sync passphrase in Chrome.
#password-manager-security #provider-access-risk #cryptographic-configuration #cloud-storage-location
Read at Techzine Global