Popular password managers auto-filled credentials on untrusted websites


UPDATED Multiple password managers may be misled into auto-filling credentials on dubious websites due to security flaws, security researchers at Google warn. On Tuesday, January 17, the Google team made its discoveries available to the public, 90 days after alerting Dashlane, Bitwarden, and the integrated password manager included with Apple’s Safari browser to the flaws. Although Dashlane, at least, is not persuaded that the problem poses any type of security danger, Bitwarden and Dashlane have both upgraded their software. As of this writing, there is no indication on the status of any remedy for Apple’s built-in password manager in Safari. The Daily Swig has contacted Apple for comment, and we’ll update this article when new details become available.

Read More…