The Emperor’s New Password Manager: Security Analysis of Password Managers
Friday, April 24, 2015
9:00 AM – 9:50 AM
Session abstract: We conducted a security analysis of popular web-based password managers. Unlike local password managers, web-based password managers run in browsers. We identify four key security concerns and representative vulnerabilities. Our attacks are severe: in four out of the five password managers we studied, attackers can learn credentials for arbitrary websites. This work is a wake-up call for developers.
Speaker: Zhiwei Li, Research Scientist @ Shape