2 min read

Samsung Galaxy S5 owners can unlock LastPass with a keypress - but is that wise?

Graham CLULEY

April 30, 2014

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Samsung Galaxy S5 owners can unlock LastPass with a keypress - but is that wise?

Popular password manager service LastPass has announced that it has introduced a new feature for Samsung Galaxy S5 users: Fingerprint scanning.

Yes, a simple fingerprint can now unlock your LastPass vault if you have the right Android phone.

Here’s how LastPass announced the new support for biometric security:

The updated version of LastPass` Android app leverages the Galaxy S5`s fingerprint sensor for a faster, more secure way to login to accounts.

After initially logging into LastPass, users will be able to access stored password information with a swipe of their finger. Instead of typing in their master password each time, any time a user is prompted for their password or PIN, they will have the option to quickly unlock secure information using only their fingerprint.

But is that better than protecting your password vault with a complex, hard-to-crack password?

I’d be a little concerned, because researchers have already demonstrated that it is remarkably easy to trick the Samsung Galaxy S5’s fingerprint sensor (as they had previously proven with the iPhone 5S).

The German researchers who revealed the weaknesses of the Galaxy S5’s fingerprint sensor claimed that it suffered from multiple weaknesses.

The good news is that LastPass is, at least, not turning on this feature by default and explains in its post that you do have to log into your LastPass vault at least initially in the regular fashion.

It’s only when you are subsequently prompted for confirmation of your password or a PIN that you will have the option of offering a fingerprint scan instead. The requirement for the initial master password to be entered in the conventional way should at least reduce the risk here.

And managing risk is key to the whole decision of whether you use a password manager or not.

In an ideal world, password managers wouldn’t be necessary – because you would be able to remember all of your different passwords.

But it’s not an ideal world.

I strongly believe that the vast majority of internet users would benefit from using a password manager. Password managers are the cool software programs that remember all of your different passwords for you, and store them securely to keep them out of the hands of bad guys.

Password managers are the reason why I don’t know my webmail password, or my password for Amazon, eBay, Twitter and some 800+ other websites.

All password manager users have to do is remember one “master password” to unlock the vault where their passwords are securely stashed away.

And, rather neatly, a good password manager can hook up with your web browser making your password for a particular site just one click away. It’s not just good security to use a password manager. It’s also convenient.

Of course, if a password management program was a nuisance to use it wouldn’t ever get used. Convenience is a good thing.

But the introduction of fingerprint scanning as a way of unlocking a password vault feels to me like it is possibly a convenience too far. I, for one, wouldn’t want my most sensitive accounts to be protected by a fingerprint instead of a master password.

Fingerprints are very different from passwords. Because, unlike passwords, you leave your fingerprints everywhere you go.

tags


Author



Right now

Top posts

Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

June 28, 2022

2 min read
Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

June 28, 2022

3 min read
Bitdefender Reveals the Top Cyber Threats Faced by Consumers in 2021

Bitdefender Reveals the Top Cyber Threats Faced by Consumers in 2021

June 22, 2022

1 min read
Scam alert: Cybercrooks use shady investment domain to scam keen investors out of money and data

Scam alert: Cybercrooks use shady investment domain to scam keen investors out of money and data

May 24, 2022

3 min read
John Oliver Shows the Dark Side of Data Brokerage on Last Week Tonight

John Oliver Shows the Dark Side of Data Brokerage on Last Week Tonight

April 15, 2022

3 min read
Bitdefender Labs Warns of Phishing Scams Targeting MetaMask Users

Bitdefender Labs Warns of Phishing Scams Targeting MetaMask Users

April 14, 2022

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Israeli Authorities Seized Severs of Breached Company for Not Cooperating Israeli Authorities Seized Severs of Breached Company for Not Cooperating
Silviu STAHIE

July 04, 2022

1 min read
FTC warns LGBTQ+ community of extortion scams targeting them on dating apps FTC warns LGBTQ+ community of extortion scams targeting them on dating apps
Graham CLULEY

July 01, 2022

2 min read
OpenSea Breach Exposes 1.8 Million Email Addresses. How does it affect you? OpenSea Breach Exposes 1.8 Million Email Addresses. How does it affect you?
Radu CRAHMALIUC

June 30, 2022

3 min read