• Password managers keep your passwords safe, unless… I’m a big advocate of password managers.
• Granted, there are better alternatives for passwords like passkeys, but if a provider offers nothing but password options, which many do, you can’t do much about that.
• So, for the time being we seem to be stuck with passwords.
• Every reputable password manager claims that they can’t see your passwords, even if they wanted to.
• But researchers have found that these “zero‑knowledge” cloud password managers are more vulnerable than their marketing suggests.
• The researchers also warn that this is not an immediate cause for panic.

Article Summaries:

  • Researchers have identified several security weaknesses in popular “zero‑knowledge” cloud‑based password managers such as LastPass, Bitwarden, and Dashlane. The flaws, ranging from insecure group‑key handling and weak encryption on compromised servers to exploitable account‑recovery settings and legacy backward‑compatibility modes, could, in theory, allow attackers to recover vault keys if a server is fully compromised. However, the researchers note that such attacks would require rare, high‑level failures and are not an immediate threat to ordinary users. Many of the identified issues have already been patched following responsible disclosure, leaving cloud managers still safer than password reuse or spreadsheets.
  • I’m a big advocate of password managers. Granted, there are better alternatives for passwords like passkeys, but if a provider offers nothing but password options, which many do, you can’t do much about that. So, for the time being we seem to be stuck with passwords. Every reputable password manager claims that they can’t see your passwords, even if they wanted to. But researchers have found that these “zero‑knowledge” cloud password managers are more vulnerable than their marketing suggests. The researchers also warn that this is not an immediate cause for panic. For a full‑on password leakag

Sources: