This popular password manager has a flaw that could expose your master password — what to do

Hacker on PC
(Image credit: Getty Images / Matic Grmek)

The best password managers are designed to keep the dozens or hundreds of passwords you have safeguarded behind one critical password that you need to remember, so a flaw that gives up that primary password is about as bad as things can get.

That is precisely the situation that users of the popular password manager KeePass are faced with currently, as a security researcher uncovered an exploit that could allow a hacker to obtain a victim's master password in plaintext which would potentially give them access to the victim's entire library of passwords (via TheHackerNews).

 The one caveat to this exploit is that it does require that the hacker already has compromised the victim's laptop or desktop, but once that is met this is about the worst-case scenario as it gives the hacker access to every service or account stored in your password manager. 

KeePass has acknowledged the flaw and is hoping to address it with a version 2.54 update that is expected to come in early June. KeePass further asserts that the "password database is not intended to be secure against an attacker who has that level of access to the local PC." Regardless of whether you find that credible or not, the fact that it is looking to address it with an update as soon as possible at least indicates that it doesn't find the behavior acceptable.

2FA YubiKey

(Image credit: Laptop Mag)

How to protect your KeePass passwords

If you are running one of the best antivirus apps then it should help ensure that your system isn't infected already, which again is a necessary step for a hacker to use this KeePass exploit. The exploit also requires that you type the password into your keyboard, so copying it over from a clipboard would also circumvent the problem.

Failing that you still have another potential defense though if you are using two-factor authentication (2FA) with KeePass. With 2FA enabled even if a hacker has your master password they would be unable to access your KeePass passwords as the second factor will be something only you have, whether it's a physical key like a YubiKey or an Authenticator app.

More and more services are requiring 2FA and we strongly recommend using it wherever possible to help ensure you and your accounts remain safe and secure online.

Category
Arrow
Arrow
Back to MacBook Air
Brand
Arrow
Processor
Arrow
RAM
Arrow
Storage Size
Arrow
Screen Size
Arrow
Colour
Arrow
Screen Type
Arrow
Condition
Arrow
Price
Arrow
Any Price
Showing 10 of 452 deals
Filters
Arrow
Load more deals
Sean Riley

Sean Riley has been covering tech professionally for over a decade now. Most of that time was as a freelancer covering varied topics including phones, wearables, tablets, smart home devices, laptops, AR, VR, mobile payments, fintech, and more.  Sean is the resident mobile expert at Laptop Mag, specializing in phones and wearables, you'll find plenty of news, reviews, how-to, and opinion pieces on these subjects from him here. But Laptop Mag has also proven a perfect fit for that broad range of interests with reviews and news on the latest laptops, VR games, and computer accessories along with coverage on everything from NFTs to cybersecurity and more.