Passwords can be a chore; even those who laud the security offered by password protection for accounts and devices acknowledge that many people don’t like having to invent and memorize secure passwords. It’s exactly that perspective that leads some people to use password managers such as LastPass or KeePass to store their account passwords and eliminate the hassle.

But the convenience comes with a risk.

When you use a password manager, you’re creating a single point of failure for the security of all of your accounts. Every password you store in LastPass, KeePass, or other programs is protected only by your password manager credentials. If someone cracks or steals your password or hacks the password manager, your credentials are exposed to cyber criminals who can do no end of harm with your bank account information or your Social Security number.

And that’s exactly what could happen to you if you use KeePass. Hackers are circulating KeeFarce, a program designed to steal passwords from KeePass by adding malicious code as KeePass runs. This new program allows hackers to harvest your account credentials, store them in plain text, and then steal that file from your device. Even scarier, KeePass isn’t the only password manager open to this kind of exploit.

Anybody who uses KeePass is urged to wipe the program’s data and delete it from their computer. Those using other passwords are encouraged to use it only for unimportant accounts. Don’t store your financial or UDelNet credentials in these programs.

Under no circumstance should your UDelNet credentials be stored in a password manager. Keep your UDelNet password secure: commit it to memory and never allow apps or browsers to manage it for you.

For more information about KeeFarce, read this Help Net Security article:
http://www.net-security.org/secworld.php?id=19060