259
Password managers are less secure than promised (ethz.ch)
submitted 3 months ago by Beep@lemmus.org to c/technology@lemmy.world
117 comments fedilink hide all child comments
  • Millions of people use password managers. They make accessing online services and bank accounts easy and simplify credit card payments.
  • Many providers promise absolute security – the data is said to be so encrypted that even the providers themselves cannot access it.
  • However, researchers from ETH Zurich have shown that it is possible for hackers to view and even change passwords.
top 50 comments
sorted by: hot top new old
[-] Kushan@lemmy.world 179 points 3 months ago

From the paper itself:

We had a video-conference and numerous email exchanges with Bitwarden. At the time of writing, they are well advanced in deploying mitigations for our attacks: BW01, BW03, BW11, BW12 were addressed, the minimum KDF iteration count for BW07 is now 5000, and their roadmap includes completely removing CBC-only encryption, enforcing per-item keys and changing the vault format for integrity. On 22.12.25 they shared with us a draft for a signed organisation membership scheme, which would resolve BW08 and BW09. At our request, to maintain anonymity, they have not yet credited us publicly for the disclosure, but plan to do so.

I didn't look at the response to other Password managers, but the gist here is that the article is overblowing the paper by quite a bit and the majority of the "issues" discovered are either already fixed, or active design decisions.

[-] 1984@lemmy.today 41 points 3 months ago* (last edited 3 months ago)

I was also just looking for bitwarden information. Its just the best password manager and has never failed to do its job.

I dont know what they mean with less secure than promised. I didnt expect them to be perfect, and havent read that they promise no security flaws.

[-] ftbd@feddit.org 40 points 3 months ago

They advertise that passwords are only stored on the server in encrypted form, meaning they couldn't read them even if they wanted to (or were forced to by a government agency) and you don't have to trust them not to. This paper shows that several vulnerabilities exist in the protocol which could be exploited by malicious code running on the server (injected by hackers or a government agency), which would then allow an attacker to obtain cleartext-passwords. So you do, in fact, have to trust the servers integrity.

[-] 1984@lemmy.today 17 points 3 months ago

Thank you for taking the time to understand and comment, very valuable.

[-] Uebercomplicated@lemmy.ml 7 points 3 months ago

The beauty of open source

[-] WhyJiffie@sh.itjust.works 7 points 3 months ago* (last edited 3 months ago)

but the gist here is that the article is overblowing the paper by quite a bit and the majority of the "issues" discovered are either already fixed, or active design decisions.

"fixed". only for new and updated passwords

https://lemmy.ml/comment/24008121

load more comments (1 replies)
[-] felbane@lemmy.world 117 points 3 months ago

tl;dr:

  1. If the password manager server is hacked and compromised, then syncing your passwords with the compromised server will lead to compromised passwords (duh)
  2. None of the providers tested have (or have had in the past) compromised servers.

and an observation or two:

  • Vaultwarden is free, self-hostable, and doesn't rely on trust in a third party.
  • Keepass (and its client variants, like KeepassXC which is pretty great) is even more secure because there is no server, just an encrypted file you can store anywhere.
[-] orclev@lemmy.world 57 points 3 months ago* (last edited 3 months ago)

Keepass (and its client variants, like KeepassXC which is pretty great) is even more secure because there is no server, just an encrypted file you can store anywhere.

And simultaneously less secure because it's up to you to handle keeping your vault synced between various devices and most people are significantly worse at keeping systems secure than the professionals at the password managers.

Self hosting a server of some kind or using something like Keepass on a single device (with offline backups) is the most secure option, but as usual with security doing so trades significant convenience for security. For most people who are uninterested in making sure their servers are kept up to date week to week letting professionals handle it is the better option.

[-] felbane@lemmy.world 10 points 3 months ago

Sure, but at the end of the day even if you don't update your vaultwarden server or you rely on an insecure storage sync system like dropbox, your actual vault is encrypted with a key that only you know. Even if your server is hacked or the kdbx is leaked, your passwords are safe until someone breaks AES.

Contrast that with hosted services, who could very easily attach their own keys to your encryption key (whether now or in the future at the behest of the state) and you'd be none the wiser. E2EE doesn't matter much when the other end is controlled by someone else.

I'm not disagreeing that most people just want something to work without thinking about, and for that reason I'm glad that services like bitwarden and lastpass and protonpass exist. My intent was not FUD, just shining a light on the fact that keeping your passwords secure does not require trusting a company.

load more comments (1 replies)
load more comments (6 replies)
load more comments (7 replies)
[-] unexposedhazard@discuss.tchncs.de 79 points 3 months ago

OMFG can people please fucking go away with this stupid "password managers are worthless" bullshit today. They are exactly as secure as promised, unless you went to the obviously shady ones that use web interfaces. People have been saying this for years, if you want security, keep your password manager offline.

[-] victorz@lemmy.world 14 points 3 months ago

So by that logic BitWarden is unsafe?

[-] unexposedhazard@discuss.tchncs.de 16 points 3 months ago

Yes, if you arent self hosting the web interface or using the desktop client.

load more comments (13 replies)
load more comments (3 replies)
[-] CardboardVictim@piefed.social 44 points 3 months ago

For people interested there were 3 cloud based password managers tested and this is what they found

The researchers demonstrated 12 attacks on Bitwarden, 7 on LastPass and 6 on Dashlane.

[-] sexy_peach@feddit.org 9 points 3 months ago

Is there a reason why these attacks were on cloud based pw managers?

[-] _edge@discuss.tchncs.de 23 points 3 months ago

The method, they use, requires a client-server architecture. Hence, they cannot attack a local keepass file even if you sync it to some cloud.

[-] CardboardVictim@piefed.social 16 points 3 months ago

From what I scanned, there was no reason given on why they only attacked cloud based providers.

My guess is that these are paid ones and thus have a 'market share', easier to attack etc.

If you attack a 'keepass' password the attack vector is more crypto / memory based as far as my limited knowledge goes and not some funky inbetween attack.

Also, if you attack a cloud base provides, you will most likely have multiple victims per breach / exploit, whilst offline are targeted and thus not so interesting in most cases unless we're talking about a person of interest

[-] londos@lemmy.world 4 points 3 months ago

That's where most of the passwords are

load more comments (3 replies)
[-] hal_5700X@sh.itjust.works 35 points 3 months ago

Use a offline password manager. Problem solved.

[-] Evotech@lemmy.world 15 points 3 months ago

Solves the security issue. Destroys the accessibility part

load more comments (4 replies)
[-] RemADeus 7 points 3 months ago

Many will argue that they need the convenience of an online password manager not knowing that what you stated is the safest form

[-] Sir_Kevin@lemmy.dbzer0.com 32 points 3 months ago

I pitty the fool that stores anything important on ~~the cloud~~ somebody elses computer.

load more comments (1 replies)
[-] irate944@piefed.social 23 points 3 months ago* (last edited 3 months ago)

Copy pasting a comment that I saw on Reddit

——

Link to the original study (with a less sensationalized title):

https://zkae.io/

A few important notes:

  • the study is about Bitwarden, LastPass, Dashlane and 1Password. Proton Pass isn't mentioned.

  • the study presumes that they're working with a malicious server (read this as compromised server, controlled by an attacker). The attacks they talk about in the article would not work on a normal server. Here's their quote:

No need to panic: all of our attacks presume a malicious server. We have no reason to believe that the password manager vendors are currently malicious or compromised, and as long as things stay that way, your passwords are safe. That said, password managers are high-value targets, and breaches do happen.

  • Here's another quote, about other password managers:

You can ask your provider the following questions:

  1. ⁠Do you offer end-to-end encryption? What security do you provide in case your server infrastructure were to be compromised?
  1. How do you check that public keys and public-key ciphertexts are authentic?
  1. How do you authenticate security-critical settings, such as the KDF type and the iteration count?
  1. Do you provide integrity guarantees for a user's vault as a whole? Can a malicious server add items to your vault?

You can also ask your favourite password manager to commission an audit checking for our attacks in their products.

  • If you still feel unsure/unsafe, then adopt an offline password manager (I highly recommend keepassXC).
[-] CardboardVictim@piefed.social 10 points 3 months ago

I too recommend KeepassXC, works even on android with KeepassDX. I use syncthing to sync between devices (work, personal and android)

load more comments (6 replies)
[-] scala@lemmy.ml 6 points 3 months ago

Wish they did an assessment on Proton pass. I just started using all proton services and wanted to know how that holds up. My company uses Bitwarden 🙃

load more comments (1 replies)
[-] aetherius@lemmy.ml 15 points 3 months ago* (last edited 3 months ago)

Bitwarden have published a blog addressing this audit:

Security through transparency: ETH Zurich audits Bitwarden cryptography against malicious server scenarios

[-] myfunnyaccountname@lemmy.zip 13 points 3 months ago

With pretty much every major company being hacked at some point, credit card companies being hacked, everyone selling our details and data, doge and palantir. Feels like post it notes under the keyboard isn’t that bad of an idea.

[-] SocialMediaRefugee@lemmy.world 6 points 3 months ago

If someone breaks into my house to read them I have big problems already.

[-] myfunnyaccountname@lemmy.zip 4 points 3 months ago

You have no idea how many times I’ve made that exact statement.

load more comments (1 replies)
load more comments (1 replies)
[-] kepix@lemmy.world 11 points 3 months ago

i really wasnt expecting a password manager related tech fearmongering on lemmy today

[-] SparroHawc@lemmy.zip 11 points 3 months ago

Don't store your stuff in the cloud unless you don't mind someone else accessing it.

If you store things in the cloud that you don't want other people to access, you better be encrypting it yourself and only opening it locally.

This has been a cardinal rule since day 1.

load more comments (2 replies)
[-] scarabic@lemmy.world 10 points 3 months ago

Many providers promise absolute security

This struck me as wrong, because that would be a technically impossible and liability-inviting thing to promise.

And after checking the homepages of the 3 services they tested, yep, none of them promise “absolute security.”

[-] Appoxo@lemmy.dbzer0.com 9 points 3 months ago* (last edited 3 months ago)

“We want our work to help bring about change in this industry,” says Paterson. “The providers of password managers should not make false promises to their customers about security but instead communicate more clearly and precisely what security guarantees their solutions actually offer.”  

Great.
Now which password vault was the most cooperative and clear in their security communication and which one wasnt?
The author said that they have given the providers time to fix the issues. Now highlight the ones that did it the best.... >_>

[-] olympicyes@lemmy.world 5 points 3 months ago* (last edited 3 months ago)

They did gove some advice. They said to go with a vendor that is transparent about problems and reveals the results of their third party security audits. I’m sure if you read between the lines it means they likely reviewed several vendors and chose to spend their time attacking ones that are opaque about their security stance and used outdated encryption or bad implementations of E2E encryption. So all three are likely suspect. Like if 1Password were developed similarly to LastPass wouldn’t they have spent time attacking it?

Edit: https://support.1password.com/security-assessments/

1Password are posting the results of their external pen testing now.

load more comments (2 replies)
[-] OnfireNFS@lemmy.world 8 points 3 months ago

Would having a synced Keepass database with a composite key protect against this?

When I made my database I created a composite key file that never goes online. I locally copy it to any device that needs to access the database. The idea was even if the password got compromised you can't access the database without the key file

load more comments (2 replies)
[-] eleijeep@piefed.social 6 points 3 months ago

the paper: https://eprint.iacr.org/2026/058.pdf

[-] eatsnutellawivaspoon@feddit.uk 6 points 3 months ago

I use one of the password managers mentioned in the article, purely for the convenience of apps on all my devices, syncing and complex individual passwords. Should I be looking to move to self hosting something instead? Would my host (likely a synology Nas or raspberry pi) not then have the same risks?

[-] cevn@lemmy.world 5 points 3 months ago

I self host via vault warden. And I have it locked behind tailscale vpn. Aside from your server itself getting hacked, which is a risk, this is more secure than having passwords on the public internet.

load more comments (3 replies)
[-] iglou@programming.dev 4 points 3 months ago

I believe Proton Pass does not have the design flaws shown in the article. For instance, if you lose your password, you lose your data. Your data is encrypted and decrypted on your device.

load more comments (1 replies)
load more comments (1 replies)
[-] Etterra@discuss.online 5 points 3 months ago

That's why mine is a physical book.

[-] bitflip@lemmy.dbzer0.com 7 points 3 months ago

Really depends on your threat model whether this is a good idea. If cops raiding your home is part of it, a physical book might not be your best bet.

load more comments (2 replies)
[-] thoralf@discuss.familie-will.at 4 points 3 months ago

I was always (and still am) under the assumption that you are fucked anyway, if either endpoint is compromised.

Sure, you can do a lot to make it less and less comfortable to read a password. But I’m not convinced that it is possible to. Fully prevent it from happening, no matter how hard you try.

load more comments
view more: next ›
this post was submitted on 17 Feb 2026
259 points (89.8% liked)

Technology

85080 readers
3878 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 3 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws