Password managers’ promise that they can’t see your vaults isn’t always true
#Passwordmanagers
https://opr.news/2ad7d727260217en_us?link=1&client=ex_global

Over the past 15 years, password managers have grown from a niche security tool used by the technology savvy into an indispensable security tool for the masses, with an estimated 94 million US adults—or roughly 36 percent of them—having adopted them. They store not only passwords for pension, financial, and email accounts, but often cryptocurrency credentials, payment card numbers, and other sensitive data.
25 recovery-based attack vectors found in major password managers.
Bitwarden, LastPass, Dashlane & 1Password affected.
Worst case: full vault compromise via crypto & recovery flaws.
https://www.technadu.com/major-cloud-password-managers-vulnerable-to-recovery-attacks-bitwarden-lastpass-and-dashlane/620369/
Exactly what I came here to say @joernsmock. Long strings of random characters are no harder for computers to guess than equally long strings made up of dictionary words. Especially obscure or non-English words.
Claiming they are is a sales pitch for password manager vendors, not a security fact. Current passphrase advice reflects that XKCD comic, and suggests passphrases be long, memorable, and changed as infrequently as possible.
Besides #ProtonPass, what other #PasswordManagers are good?
2FA only works if the factors are separate.
If your password manager holds both your passwords AND your 2FA seeds/backup codes, your "second factor" is not really separate anymore.
What I changed (and a checklist):
https://marcelbootsman.nl/two-factor-authentication-only-works-if-the-factors-are-separate/
Unlike some password managers that overwhelm users with features, Proton Pass keeps things straightforward, making it easy to manage your passwords without a steep learning curve.
Read more 👉 https://lttr.ai/AnH5M
I’ve published a new article looking at how hardware security keys work with Proton Pass, including YubiKey support.
It covers:
• what security keys actually protect against
• how they fit into Proton Pass
• when they’re worth using (and when they’re not)
If you’re thinking about stronger account security without adding unnecessary friction, this may help.
🔗 https://paulobrien.com/proton-pass-yubikey-security-keys/
#EmailSecurity #AccountSecurity #PrivacyTools #PasswordManagers #Proton #YubiKey #DigitalSecurity #Infosec