LastPass Bugs Spilled Every Password
Password managers are generally a much safer option than reusing the same password for every online account, but it doesn't take a genius to discern their major flaw. Keeping all of your passwords in one place means there's only one potential point of failure, which is how one security researcher fooled LastPass, the most widely used password manager, into giving him passwords to just about everything.
LastPass has since patched that flaw, as well as an unrelated one disclosed to the company yesterday (July 26), but the episode is a salient reminder that password managers are a tool, not a panacea.
The first LastPass vulnerability was discovered a year ago by Mathias Karlsson, a Swedish independent security researcher associated with Detectify Labs. Karlsson discovered that the LastPass browser extension, at least on Google Chrome, left users wide open to password theft, thanks to a faulty URL auto-fill function.