Security news aggregator

Latest coverage for Password Manager

Password managers store and generate credentials, helping reduce password reuse while creating security risks if a vault or master key is compromised.

1 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Password managers are applications or services that generate, store, and fill credentials from an encrypted vault. Access typically depends on a master password, sometimes supplemented by multi-factor authentication (MFA); this lets each account use a long, unique secret without requiring users to memorize it. Some also store passkeys, recovery codes, or other sensitive notes, making the vault a high-value asset.

Security depends on both cryptography and surrounding software: a compromised desktop client, browser extension, synchronization service, or malicious update could expose secrets, while a weak master password or unsafe recovery process can undermine the vault. Origin-aware autofill can reduce phishing exposure, but users should verify login domains and avoid importing or sharing credentials unnecessarily. Practitioners should examine encryption and key handling, MFA and recovery controls, update history, breach disclosure, logging, and enterprise offboarding and credential-rotation features.

Showing 1 most recent headlines Filtered view
Krebs on Security 4 years ago

Experian, You Have Some Explaining to Do

Twice in the past month KrebsOnSecurity has heard from readers who've had their accounts at big-three credit bureau Experian hacked and updated with a new email address that wasn't theirs. In both cases the readers used password managers to select strong, unique passwords for their Experian accounts. Research suggests identity thieves were able to hijack the accounts simply by signing up for new accounts at Experian using the victim's personal information and a different email address.