قالب وردپرس درنا توس
Home / Technology / Security researchers recommend against LastPass after detailing 7 trackers

Security researchers recommend against LastPass after detailing 7 trackers



After the security researchers detailed the seven trackers found in the Android application, they recommend using the LastPass password manager. Register report. Although there is no suggestion that the tracker analyzed by the researcher Mike Kuketz is transmitting the user’s actual password or user name, Kuketz said that the existence of a tracker is unwise for applications that deal with the security of such sensitive information. practice.

In response to this report, a LastPass spokesperson stated that the company collected limited data on “how LastPass is used” to help it “improve and optimize the product.”

;Importantly, LastPass told Register “It is impossible to pass any sensitive personally identifiable user data or vault activity through these trackers”, and users can opt out of analysis in the “Privacy” section of the “Advanced Settings” menu.

LastPass’s trackers include four trackers from Google for processing analysis and crash reports, and a tracker from a company called Segment, which allegedly collects data by the marketing team. Cookz analyzed the data being transmitted and found that it contained information about the make and model of the smartphone, as well as information about whether the user has enabled biometric security. According to Kuketz, even if the transmitted data is not personally identifiable, simply integrating these third-party codes together may bring the possibility of security vulnerabilities.

“If you actually use LastPass, I suggest you change your password manager,” Kuketz wrote (via machine translation). “Some solutions cannot permanently send data to third parties and record user behavior.”

LastPass is not the only password manager that includes such trackers, but it seems to have more than many popular competitors. According to Exodus Privacy, there are only two free alternatives to Bitwarden, while RoboForm and Dashlane have four, while 1Password does not.

The report follows the announcement of LastPass to severely restrict the features of its free tier. Although free users can currently store an unlimited number of passwords between devices without limitation, unless they want to pay, they will soon have to choose a type of device to view and manage their “mobile” or “computer” password. service. The changes will take effect on March 16.


Source link