Password managers less secure than promised
ethz.ch
Researchers from ETH Zurich have discovered serious security vulnerabilities in three popular, cloud-based password managers. During testing, they were able to view and even make changes to stored passwords.
  • Millions of people use password managers. They make accessing online services and bank accounts easy and simplify credit card payments.
  • Many providers promise absolute security – the data is said to be so encrypted that even the providers themselves cannot access it.
  • However, researchers from ETH Zurich have shown that it is possible for hackers to view and even change passwords.
  • CardboardVictim@piefed.socialEnglish
    36·
    7 days ago

    For people interested there were 3 cloud based password managers tested and this is what they found

    The researchers demonstrated 12 attacks on Bitwarden, 7 on LastPass and 6 on Dashlane.

    • Appoxo@lemmy.dbzer0.comEnglish
      3·
      6 days ago

      What I am wondering myself: Do the different amount of attacks mean the attack surface was greater or had more vulnerabilities or what made them only do 6 on Dashlane vs 12 on Bitwarden?

      Edit:
      In another article it was total identified vulnerabilities.

    • stephen01king@piefed.zipEnglish
      3·
      7 days ago

      Unfortunately they don’t explain what the attacks were in the article. Gonna need to find the paper to know.

    • artyom@piefed.socialEnglish
      31·
      7 days ago

      Yes but unfortunately nothing specific about the strength of any particular option.