Password managers easily compromised by illegitimate apps

Many password managers can be duped by a simple Google lookalike app, according to research conducted by the University of York.

Researchers created a mock-up of a legitimate application and presented it to a number of popular password managers, said ITPro. In 40 percent of cases, the password manager presented login credentials to the fake application.

Reportedly, the main problem is how password managers identify a legitimate app. Researchers fear criminals could distribute false applications through phishing attacks and steal passwords with “relative ease”.

The possibility of such an attack means it's important to remain vigilant and double-check links and attachments received through email and other means of communication.

Security experts have advised email users unsure about the veracity of a message to contact the sender via another avenue to double check. Two-factor authentication can also offer an additional measure of protection.