Mastodawn

Ken Walker

5d ago

Schneier on Security

On the Security of Password Managers

https://www.schneier.com/blog/archives/2026/02/on-the-security-of-password-managers.html

#privacy #infosec #passwordmanagers

On the Security of Password Managers - Schneier on Security

Good article on password managers that secretly have a backdoor. New research shows that these claims aren’t true in all cases, particularly when account recovery is in place or password managers are set to share vaults or organize users into groups. The researchers reverse-engineered or closely analyzed Bitwarden, Dashlane, and LastPass and identified ways that someone with control over the server—either administrative or the result of a compromise—can, in fact, steal data and, in some cases, entire vaults. The researchers also devised other attacks that can weaken the encryption to the point that ciphertext can be converted to plaintext...

Schneier on Security

ResearchBuzz: Firehose Mar 5

MakeUseOf: 3 free password managers that are actually better than the paid ones. “Turns out, not all free apps are stripped-down tools that only try to get you to subscribe to higher tiers. The following three free password managers are actually great to use, and offer solid features, transparency, and trust.”

https://rbfirehose.com/2026/03/05/makeuseof-3-free-password-managers-that-are-actually-better-than-the-paid-ones/

MakeUseOf: 3 free password managers that are actually better than the paid ones

MakeUseOf: 3 free password managers that are actually better than the paid ones. “Turns out, not all free apps are stripped-down tools that only try to get you to subscribe to higher tiers. T…

ResearchBuzz: Firehose

KillBait Feb 28

Password Managers Expose Hidden Vulnerabilities in Latest Study

📰 Original title: Password Managers Share a Hidden Weakness

🤖 IA: It's not clickbait ✅
👥 Usuarios: It's not clickbait ✅

View full AI summary: https://killbait.com/en/password-managers-expose-hidden-vulnerabilities-in-latest-study/?redirpost=0b8442c4-bbaf-4f8e-ab9d-85cc621a0c11

#technology #passwordmanagers #cybersecurity #vulnerabilities

Password Managers Expose Hidden Vulnerabilities in Latest Study

Password managers, long touted as a reliable solution for securely managing online credentials, are facing new vulnerabilities. A study by ETH Zurich and USI Lugano security researchers has revealed…

KillBait Archive

KillBait Feb 28

Password Managers Expose Hidden Vulnerabilities in Latest Study

📰 Original title: Password Managers Share a Hidden Weakness

🤖 IA: It's not clickbait ✅
👥 Usuarios: It's not clickbait ✅

View full AI summary: https://killbait.com/posts/post/0b8442c4-bbaf-4f8e-ab9d-85cc621a0c11

#technology #passwordmanagers #cybersecurity #vulnerabilities

KillBait - News highlights delivered clearly and responsibly—no clickbait, no sensationalism.

KillBait is a news aggregator developed by students and professionals in journalism and web development. Our focus is on providing readers with clear and relevant summaries of each news story.

Benjamin Carr, Ph.D. 👨🏻‍💻🧬Feb 27

#Passwordmanagers’ promise that they can’t see your vaults isn’t always true
Contrary to what password managers say, a server compromise can mean game over.
The team executed 27 successful attacks against industry leaders #Bitwarden, #LastPass, and# Dashlane (12 against Bitwarden, 7 against LastPass, and 6 against Dashlane), proving that if a server is compromised by a sophisticated actor, your vault can be unlocked with surprising ease.
https://arstechnica.com/security/2026/02/password-managers-promise-that-they-cant-see-your-vaults-isnt-always-true/
May just be fear-mongering or FUD

Password managers' promise that they can't see your vaults isn't always true

Contrary to what password managers say, a server compromise can mean game over.

Ars Technica

Nicolas Fränkel 🇪🇺🇺🇦🇬🇪Feb 26

#PasswordManagers less secure than promised

https://ethz.ch/en/news-and-events/eth-news/news/2026/02/password-managers-less-secure-than-promised.html

Password managers less secure than promised

Researchers from ETH Zurich have discovered serious security vulnerabilities in three popular, cloud-based password managers. During testing, they were able to view and even make changes to stored passwords.

ETH Zurich

「ʀᴏʙᴇʀᴛ」Feb 25

I've been running Bitwarden with a self-hosted Vaultwarden instance for a few weeks now, and it certainly looks like it can replace 1Password for me.

Although it doesn't have "AI-powered item naming”... #worldssmallestviolin

https://github.com/dani-garcia/vaultwarden

#passwordmanagers #1password #bitwarden #vaultwarden

GitHub - dani-garcia/vaultwarden: Unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs

Unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs - dani-garcia/vaultwarden

GitHub

「ʀᴏʙᴇʀᴛ」Feb 24

Wow, #1Password are increasing their prices by 20% 😱

Good thing I was already checking out alternatives, because I don’t care about any of the things that they say are causing the price increase (“AI-powered item naming”, really?).

#passwordmanagers

CyberRiskLab Feb 24

Here are the slides from our workshop on #passwords and #passwordmanagers last week: https://codeberg.org/UU_CyberRiskLab/workshops/src/branch/main/2026-02-12_passwords.pdf

workshops/2026-02-12_passwords.pdf at main

workshops - A collection of workshop materials by the Uppsala University CyberRiskLab

Codeberg.org

Ronald Raadsen Feb 23

I never liked the idea of using cloud-based password managers. There are news stories all the time about some type of data breach. Each additional person having their passwords on a server makes the payout incrementally more attractive, more valuable.

https://arstechnica.com/security/2026/02/password-managers-promise-that-they-cant-see-your-vaults-isnt-always-true/ #Security #PasswordManagers #Tech

Password managers' promise that they can't see your vaults isn't always true

Contrary to what password managers say, a server compromise can mean game over.

Ars Technica