It has been reported that researchers at the University of York have shown that some commercial password managers (depending on the version) may not be a watertight way to ensure cybersecurity. After creating a malicious app to impersonate a legitimate Google app, they were able to fool two out of five of the password managers they tested into giving away a password. The research team found that some of the password managers used weak criteria for identifying an app and for deciding which username and password to suggest for autofill. This weakness allowed the researchers to impersonate a legitimate app simply by creating a rogue app with an identical name.
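A minimal model of the weakness described above, as an added example (not code from the York researchers or from any password manager): autofill matching on an app's name alone, beside matching that also requires the digest of the app's signing certificate. The `App` and `VaultEntry` types, the app names and the certificate bytes are assumptions constructed for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class App:
    label: str           # display name; any developer can pick any value
    package: str         # package identifier; also chosen by the developer
    signing_cert: bytes  # signing certificate bytes (constructed stand-ins here)


@dataclass(frozen=True)
class VaultEntry:
    label: str
    package: str
    cert_sha256: str     # digest recorded when the credential was saved
    username: str
    password: str


def cert_digest(app: App) -> str:
    return hashlib.sha256(app.signing_cert).hexdigest()


def suggest_weak(vault, app):
    """Weak criterion: offer any credential whose stored name matches."""
    return [e for e in vault if e.label == app.label]


def suggest_strict(vault, app):
    """Also require the signing-certificate digest saved with the entry."""
    return [e for e in vault
            if e.package == app.package
            and hmac.compare_digest(e.cert_sha256, cert_digest(app))]


# Constructed sample data: a genuine app and a rogue app reusing its names.
GENUINE = App("Example Mail", "com.example.mail", b"constructed-cert-genuine")
ROGUE = App("Example Mail", "com.example.mail", b"constructed-cert-rogue")
VAULT = [VaultEntry(GENUINE.label, GENUINE.package, cert_digest(GENUINE),
                    "alice", "constructed-password")]

if __name__ == "__main__":
    for app in (GENUINE, ROGUE):
        print(app.signing_cert.decode(),
              "weak:", len(suggest_weak(VAULT, app)),
              "strict:", len(suggest_strict(VAULT, app)))
```

The name-only matcher offers the stored credential to both apps, while the strict matcher offers it only to the app whose certificate digest was recorded when the credential was saved.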
Experts Comments
@Robert Capps, VP , provides expert commentary at @Information Security Buzz.
"Luckily, companies are moving away from using only a username and password for authentication...."