Regular readers of this blog already know that I don’t recommend the use of password managers, for several reasons.
Well, a recently discovered security flaw in the popular KeePass password manager adds yet another reason to that list.
While the flaw in question doesn’t put the security of your passwords at risk directly, it does so indirectly by making it possible to accidentally download a malicious fake version of KeePass via the program’s normal update procedure.
I won’t go into the technical details of the vulnerability here since the page linked to above does it quite well, but I will tell you NOT to respond to any update notices for KeePass. In fact, you should probably just disable update notices in the program’s settings.
Better yet, I recommend keeping your password list off your computer and away from the “cloud” by forgoing the use of password managers altogether. I keep my password list written down on a sheet of paper (which I keep locked inside a fireproof lockbox).