Security news aggregator

Latest coverage for Password Manager

Password managers store and generate credentials, helping reduce password reuse while creating security risks if a vault or master key is compromised.

3 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Password managers are applications or services that generate, store, and fill credentials from an encrypted vault. Access typically depends on a master password, sometimes supplemented by multi-factor authentication (MFA); this lets each account use a long, unique secret without requiring users to memorize it. Some also store passkeys, recovery codes, or other sensitive notes, making the vault a high-value asset.

Security depends on both cryptography and surrounding software: a compromised desktop client, browser extension, synchronization service, or malicious update could expose secrets, while a weak master password or unsafe recovery process can undermine the vault. Origin-aware autofill can reduce phishing exposure, but users should verify login domains and avoid importing or sharing credentials unnecessarily. Practitioners should examine encryption and key handling, MFA and recovery controls, update history, breach disclosure, logging, and enterprise offboarding and credential-rotation features.

Showing 3 most recent headlines Filtered view
Krebs on Security 1 year, 4 months ago

Feds Link $150M Cyberheist to 2022 LastPass Hacks

In September 2023, KrebsOnSecurity published findings from security researchers who concluded that a series of six-figure cyberheists across dozens of victims resulted from thieves cracking master passwords stolen from the password manager service LastPass in 2022. In a court filing this week, U.S. federal agents investigating a spectacular $150 million cryptocurrency heist said they had reached the same conclusion.