Elcomsoft Distributed Password Recovery 3.40 adds support for some of the most popular password managers including 1Password, KeePass, LastPass and Dashlane, enabling customers to attack master passwords protecting users’ stored passwords. Attacking and recovering a single master password can potentially give access to dozens, if not hundreds passwords to a wide range of resources that are kept in the encrypted database.
Elcomsoft Distributed Password Recovery 3.40 is updates with support for major password manager apps including 1Password, KeePass, LastPass and Dashlane, allowing to attack a single master password in order to gain access to stored authentication credentials. Since not all password managers are equally secure, reasonably fast attacks might be possible. Attacking and recovering the single master password can open access to authentication credentials stored in the password manager’s encrypted database.
The full list of password managers supported by Elcomsoft Distributed Password Recovery 3.40 includes:
Password managers are designed to help users store, organize, and use passwords. The use of password managers relieves users from having to memorize a number of unique, strong passwords, allowing them to provide secure authentication credentials without reusing the same password on different resources. Most password managers keep authentication credentials (logins, passwords and other data) in a database, and use a user-provided master password to securely encrypt that database.
How password managers affect overall security is debatable. On the one hand, using unique, secure passwords for different accounts is strongly recommended for security reasons. On the other hand, if the one master password is compromised or can be recovered, the attacker gains access to the full and complete database containing all user’s passwords and authentication credentials.