Good advice to only run your password manager as needed. Don't keep it open while websurfing, etc. (ironically that is when most of us will most not want to do this ;/ )



The paper Password Managers: Under the Hood of Secrets Management looked at how the password managers 1Password, Dashlane, KeePass and LastPass handle secrets, and if it is possible to retrieve sensitive information.

The researchers (https://www.securityevaluators.com/casestudies/password-manager-hacking/) analyzed the three states "not running", "unlocked state", and "locked state". Main conclusions were that all password managers protected data just fine in not running state.

Not running refers specifically to a session in which the installed password manager was not launched or terminated by the user after launch...


See page for more information and some useful user tips for both Windows and Linux platforms.

Other related page: How to improve KeePass security

---

btw, what I would find more troubling if I were paranoid and using Windows:
Quote

The author of KeePass noted some time ago that the Windows operating system may create copies in memory that KeePass has no control over.

Windows and .NET may make copies of the data (in the process memory) that cannot be erased by KeePass






Last edited by FsFOOT; 02/26/19 05:34 AM. Reason: btw; read the last quote