Most businesses have spent a lot of time and money ensuring there are no security gaps, so all company and client information has been kept completely secure. This is especially important as technology progresses and companies start focusing more on cloud computing and storage. Unfortunately, there are some developers who may not agree with you, including KeePass2 Developer Dominik Reichl.
Irony in broken security software
When a flaw was found in the KeyPass2 system, Reichl refused to fix is stating that it would cost too much in “indirect costs.” According to Engadget, this basically means that there would be lost ad revenue if the patch was put in place, and that is something the app company is not willing to lose right now. KeyPass2 is a password management app that allows you to store all your passwords in one secure location.
Though your passwords are likely still safe in the program, the bigger problem is that the gap allows cyber attackers to deliver malware to your computer potentially causing bigger problems than a few lost passwords might cause. And now that it is public knowledge that KeyPass2 has a flaw that won’t be getting fixed, it is even more likely that hackers will take the time to specifically target the application.
It is fairly ironic that a company focused specifically on providing more security to passwords would allow for any kind of flaw in the system. To be fair, KeyPass2 is a free program available to users, so it makes sense that Reichl wouldn’t want to limit the only current way the program earns money. He did mention that a fix would be put in place as soon as it were possible giving hope that the developer is looking for ways to maintain ad revenue without sacrificing the security of current and future customers.
What you should do
If you currently are using KeyPass2, it is a good idea to switch to another password managing program for now until updates have been made to the current system. Though it may be understandable that Reichl needs to make some money off his program, you can’t risk losing personal or business data due to the gap in security through the program. Those who aren’t already using the password management system should look elsewhere to find something a little more secure.
On top of that, you need to make sure to work exclusively with businesses you trust to protect your data over everything else. It may cost more money if you have to pay for secure programs, but it is better to spend a little money and ensure the best cybersecurity than it is to try and go free and lose private data.