• Millions of people use password managers. They make accessing online services and bank accounts easy and simplify credit card payments.
  • Many providers promise absolute security – the data is said to be so encrypted that even the providers themselves cannot access it.
  • However, researchers from ETH Zurich have shown that it is possible for hackers to view and even change passwords.
  • WhyJiffie@sh.itjust.works
    1 day ago

    > Sure, but at the end of the day even if you don’t update your vaultwarden server or you rely on an insecure storage sync system like dropbox, your actual vault is encrypted with a key that only you know. Even if your server is hacked or the kdbx is leaked, your passwords are safe until someone breaks AES.

    not really the case: https://lemmy.ml/comment/24008121

    > Contrast that with hosted services, who could very easily attach their own keys to your encryption key

    how would official Bitwarden be able to accomplish that? apart from this vulnerability, they can’t use their servers to add their own keys.