https://arstechnica.com/gadgets/2021/04/hackers-backdoor-corporate-password-mana...




Dan Goodin - 4/24/2021, 7:55 AM






As many as 29,000 users of the Passwordstate password manager downloaded a malicious update that extracted data from the app and sent it to an attacker-controlled server, the app-maker told customers.

In an email, Passwordstate creator Click Studios told customers that bad actors compromised its upgrade mechanism and used it to install a malicious file on user computers. The file, named “moserware.secretsplitter.dll,” contained a legitimate copy of an app called SecretSplitter, along with malicious code named "Loader," according to a brief writeup from security firm CSIS Group.

Who trusts password managers?

I have used Roboform for many years ...No Issues so far!

Redmond Neck wrote on Oct 17^th, 2022 at 2:14pm:


https://cybernews.com/best-password-managers/roboform-review/


Is RoboForm safe?

Yes, RoboForm is extremely secure. Its server is encrypted with AES256, which is about the strongest encryption around. All RoboForm data is encrypted and decrypted locally, never on servers. This is the case whether you’re accessing your data via the RoboForm web portal, the local application, or your browser extension. A single master password, which you must set and remember, holds the key to all of your data. Finally, RoboForm has a range of security features to help keep your passwords safe.

This does not mean it is infallible though. Hackers always look for weaknesses while the best password managers fight to improve. The most obvious weakness is the user. After all, if you don’t use a strong master password, or give it up to someone untrustworthy, then you may well be in trouble.

Many years ago I listened carefully to Edward Snowden.
When he worked in the USA for the Govt. -
he was able to read anyone's email in the world – even the POTUS.
Also – any company can be forced by the Govt. to assist them to spy on you.
Read the terms and conditions of any site and there always an admission
that they will comply with all legal requests by Govts. or courts.
You have to assume that your computer and everything you do online
is compromised by Govt. authorities and that hackers can also use
some of their techniques to break in as well since there are
secret back doors on all software – even if indirectly via Windows and Microsoft.

Captain Nemo wrote on Oct 17^th, 2022 at 2:35pm:


Snap. I run it from a usb stick and of couse a long pw is needed to open passkeep

Setanta wrote on Oct 17^th, 2022 at 6:46pm:



You have to ask yourself -
why would anyone spend so much time and effort to
write complicated encryption software and then give it away for free?   

Setanta wrote on Oct 17^th, 2022 at 7:14pm:



Would you know if they were opening any ports and
downloading all the secrets from your hard drive including your passwords?