Security Experts Issue Warning About Using Password Managers on Your Phone
Remembering all the passwords for your accounts is a difficult task, and that’s where password managers help you keep all your passwords in one place. However, security experts have warned of a major problem with password management that could expose your credentials to any bad actors who can exploit a loophole in these apps.
This was reported by researchers at the International Institute of Information Technology (IIIT) in Hyderabad, India, during the Black Hat conference in Europe. So what is the problem with password managers that affects millions of users?
Researchers have talked about a vulnerability called “autospill” related to the auto-fill password feature of Android phones. Google has set up a WebView page where the autofill password works without opening a web browser.
The autospill problem confuses password managers about where the password is autofilled, and this is where these apps can leak passwords into the base app accidentally, researchers are quoted in this report. Worryingly, popular password managers such as 1Password, LastPass, Keeper, and Enpass have been tested and reported with this error. These apps were tested on Android phones with the latest software update.
The developers of these apps and Google have been informed of the bug and have talked about a fix, meanwhile warning users about the dangers of the autospill issue.
Some password managers aren’t sure whether the findings are setting off alarm bells, and are looking to researchers for more information to get to the bottom of the problem. So far the issue has been reported on Android as they have only tested it on Android devices. But soon the researchers will test the problem on iOS devices as well.