acm-header
Sign In

Communications of the ACM

Home/News/Researchers Expose Vulnerabilities of Password Managers/Full Text
ACM TechNews

Researchers Expose Vulnerabilities of Password Managers

By University of York (U.K,)
March 20, 2020
Comments
View as: Print Mobile App Share:
Artist's impression of a password manager.

University of York researchers have demonstrated that some commercial password managers may not completely protect users.

Credit: pcmag.com

Researchers at the University of York in the U.K. have demonstrated that some commercial password managers may not completely protect users.

The team created a malicious app to impersonate a legitimate Google app and was able to fool two out of the five password managers it tested into revealing a password.

Some password managers tested used weak criteria for identifying an app and which username and password to suggest for autofill; others did not have a limit on the number of times a master PIN or password could be entered.

York's Siamak Shahandashti said the researchers suggest password managers “need to apply stricter matching criteria that is not merely based on an app's purported package name."

FromUniversity of York (U.K,)
View Full Article

 

Abstracts Copyright © 2020 SmithBucklin, Washington, DC, USA

 

No entries found

Sign In for Full Access
» Forgot Password? » Create an ACM Web Account