You should change your password manager’s clipboard settings now

PSA: Password managers are probably the most secure way to create and manage secure passwords, but they aren’t bulletproof. Perhaps one security setting in particular is a bit lenient in some managers, which could give attackers a way to grab users’ passwords in certain situations.

If you use a password manager, you should definitely check the setting that controls how quickly it clears text copied from the clipboard because getting information from this site is a common tactic of malicious actors.

Some Password managers Like Bitwarden, Keeper does not clear the clipboard on their default settings. This means that once you use a password with any of these managers, your username and password will remain on the clipboard indefinitely, accessible from any other application on your system. Computer scientist Writes Using the cloud clipboard can allow other applications to access that information even if users don’t paste the text.

The setting to have the password manager clear the clipboard after a specified period of time can be found under Settings in Keeper and NordPass and Settings > Options in Bitwarden. You can find it in each manager’s desktop app, mobile app, or browser extension. NordPass defaults to 30 seconds, and other password manager developers would be wise to change their default settings to something similar.

Two password managers have suffered attacks over the past few months including LastPass, which was success in December. The company initially said it wasn’t a cause for concern among regular users, but later that month revealed that attackers had gained access to encrypted usernames and passwords. Decrypting the passwords might require a determined hacker, but it’s not impossible. LastPass users should at least change their passwords and possibly consider another password manager.

Earlier this month, Norton Password Manager I held up A less serious attack, but still disturbing. Someone used a credential stuffing attack to make mass login attempts using a combination of stolen usernames and passwords in other data breaches. Unlike the LastPass incident, no one breached Gen Digital’s (formerly Symantec and NorthLifeLock) internal systems, and anyone using two-factor authentication should be safe.

While changing the password manager’s clipboard setting, it’s also a good idea to take a tour of the other security settings. They allow users to control things like login methods, how often the administrator locks themselves, how they handle authentication keys, and other important features.

Source link

Related Posts