Following the news that researchers TeamSIK found flaws with all top nine password manager apps that can be downloaded from the Google Play Store, Barry Scott, CTO at EMEA Centrify commented below.
Barry Scott, CTO at EMEA Centrify:
“This is not the first, or last time, that password managers will face major security issues, but perhaps the biggest security concern is still users themselves – and that means us! The fact remains that anyone using a password as the sole means of authentication to a website, whether at home or at work, is putting himself or herself (and maybe their company) at risk.
Even using complex passwords, users should always take advantage of multi-factor authentication (MFA) to protect the password with another layer of security, and if a particular site doesn’t offer MFA, users should lobby the site to include the feature or move to another provider.
Rather than relying on password managers to mitigate the inherent weaknesses in passwords as a means of authentication, businesses should also invest in comprehensive identity management solutions that provide single sign-on (SSO) to all of their corporate applications and accounts, as well as incorporating MFA. Employees can have secure access to everything they need from wherever they are and, more importantly, do not need to store or remember any of their passwords.”
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.