Security Reasons You Should Ditch Your Browser Password Manager

Remembering passwords for all your accounts is a difficult task and that's where a password manager helps you keep all passwords in one place. But security experts have warned of a major problem with password managers that could expose your credentials to any bad actor who could take advantage of loopholes in these apps.

The issue was reported by researchers at the International Institute of Information Technology (IIIT) in Hyderabad, India, during the Black Hat Conference in Europe. So what is the problem with password managers that affects millions of users? Researchers have talked about a vulnerability called 'autospill' which is linked to the autofill password feature available on Android phones. Google has set up a web view page where autofill passwords operate without opening a web browser.

The autospill issue confuses password managers about where to autofill passwords, and this is where these apps can accidentally leak passwords into the base app, the report cited researchers. Worryingly, popular password managers such as 1Password, LastPass, Keeper and Enpass have been tested and reported to have this flaw. These apps were tested on Android phones with the latest software update. The developers of these apps and Google have been informed about the flaw and have said they are working on a fix, while warning users about the dangers posed by the autospill issue.

Some password managers aren't convinced the findings ring any alarm bells and are seeking more details from researchers to get to the root of the problem. This issue has been reported on Android so far as they have only tested it on Android devices. But soon, researchers will test the problem on iOS devices as well.