A recently released hacking tool silently decrypts all user names, passwords, and notes stored by the KeePass password manager and writes them to an unencrypted file.
The new hacking tool, called KeeFarce, targets KeePass, but there’s little stopping developers from designing similar apps that target virtually every other password manager available today. When KeeFarce runs on a computer where a logged-in user has the KeePass database unlocked, KeeFarce decrypts the entire database and writes it to a file that the hacker can easily access.
Similar weaknesses exist in all password managers, and this is one of the reasons why I have never used a password manager. The idea of keeping all your passwords in one place simply strikes me as a very bad idea. Any password manager automatically becomes a single point of failure. Anyone with the know-how could potentially develop a tool similar to KeeFarce that takes advantage of a compromised computer and, as a result, can extract all of a password manager’s data. There are safer ways to keep your passwords safe.