Password managers easily compromised by illegitimate apps

Many password managers can be duped by a simple Google lookalike app, according to research conducted by the University of York.

Researchers created a mock-up of a legitimate application and presented it to a number of popular password managers, said ITPro. In 40 percent of cases, the password manager presented login credentials to the fake application.

Reportedly, the main problem is how password managers identify a legitimate app. Researchers fear criminals could distribute false applications through phishing attacks and steal passwords with “relative ease”.

The possibility of such an attack means it's important to remain vigilant and double-check links and attachments received through email and other means of communication.

Security experts have advised email users unsure about the veracity of a message to contact the sender via another avenue to double-check. Two-factor authentication can also offer an additional measure of protection.

Sead Fadilpašić

Sead is a freelance journalist with more than 15 years of experience in writing various types of content, from blogs, whitepapers, and reviews to ebooks, and many more, across sites including Al Jazeera Balkans, TechRadar Pro, IT Pro Portal, and CryptoNews.