LastPass, the popular password management tool, has been patched to fix a security flaw that could have left the passwords of Internet Explorer users potentially exposed.
Regular readers will know that I am a big proponent of computer users protecting themselves with tools like Bitwarden, 1Password, and KeePass to help remember and generate unique passwords for every website they use.
It’s a lot better, for instance, than trusting your web browser to remember your password.
But it is essential, of course, that these password management programs are secure - and not leaking sensitive information.
As PC Magazine describes, a flaw was found in the Windows Internet Explorer version of LastPass that meant passwords could be read in plaintext if a memory dump was performed on Internet Explorer.
Fortunately, there are some mitigating circumstances, as the folks at LastPass described to PC Magazine:
“This particular issue would be extremely difficult to exploit - requiring that you be using IE, that you’ve logged in to LastPass to decrypt your data, perform a memory dump, hunt through the memory dump, and actually locate the passwords - we have made fixing this a priority because we value the privacy and security of our users’ data above all else.”
Nevertheless, LastPass responded quickly - and included a security patch for the problem (alongside other fixes) in an important update.
Although this incident is undoubtedly embarrassing for LastPass, I still recommend password management software for all internet users. Keep them updated, and you should find them a heck lot safer than trying yourself to remember secure passwords for every website you access.