A report by the Independent Security Evaluators (ISE) shows that many popular password managers store their master passwords in plain text, potentially exposing users’ data to hackers.
The ISE tested 1Password, Dashlane, KeePass, and LastPass on Windows, and found that all of these apps “fail in implementing proper secrets sanitisation”.
In its findings, the ISE said that if these password managers are running on your computer, hackers can look in your PC’s memory to access your login details for the app.
Until the flaws are fixed, the ISE recommends that users don’t leave their password manager apps running in the background – and rather open and close the apps each time they are used.
The ISE said that when it comes to protecting yourself against hackers, there is no better alternative to typing out your password in a document.
However, the ISE maintains that password managers are valuable tools and “add value to the security posture of secrets management”.
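"Secrets sanitisation" here means overwriting a secret's bytes before the memory holding it is released, so that nothing readable is left behind in the process. The following C code is an added example, not taken from the ISE report or from any of the products named; the arena, the function names and the sample password are constructed for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Constructed stand-in for a process heap, so the result can be inspected
   without reading freed allocations (which would be undefined behaviour). */
static unsigned char arena[256];
static size_t arena_used;

static unsigned char *arena_alloc(size_t n) {
    if (n > sizeof arena - arena_used) return NULL;
    unsigned char *p = arena + arena_used;
    arena_used += n;
    return p;
}

/* Like free(): the space becomes reusable, but the bytes stay as they were. */
static void arena_reset(void) { arena_used = 0; }

/* Wipe through a volatile pointer so the compiler cannot drop the stores as
   dead writes, which it may do with a plain memset just before release. */
static void secure_wipe(void *p, size_t n) {
    volatile unsigned char *v = (volatile unsigned char *)p;
    while (n--) *v++ = 0;
}

/* Returns 1 if the byte pattern still exists anywhere in the arena. */
static int arena_contains(const char *needle) {
    size_t n = strlen(needle);
    for (size_t i = 0; n && i + n <= sizeof arena; i++)
        if (memcmp(arena + i, needle, n) == 0) return 1;
    return 0;
}

/* Simulates one unlock: copy the master password into working memory, then
   release it (a real manager would derive its vault key from buf first).
   Returns 1 if the password is still present afterwards, 0 if not,
   -1 if it does not fit in the arena. */
int unlock_leaves_residue(const char *master, int sanitise) {
    size_t n = strlen(master) + 1;
    memset(arena, 0, sizeof arena);
    arena_reset();
    unsigned char *buf = arena_alloc(n);
    if (!buf) return -1;
    memcpy(buf, master, n);
    if (sanitise) secure_wipe(buf, n);
    arena_reset();
    return arena_contains(master);
}
```

On Windows, `SecureZeroMemory` serves the same purpose as the hand-written `secure_wipe` above; C11 Annex K `memset_s` and `explicit_bzero` are the equivalents elsewhere.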