Password managers' promise that they can't see your vaults isn't always true https://arstechni.ca/M3dw #endtoendencryption #passwordmanagers #zeroknowledge #Features #Security #Biz&IT
Contrary to what password managers say, a server compromise can mean game over.

Ars Technica

#Passwordmanagers

https://opr.news/2ad7d727260217en_us?link=1&client=ex_global


Over the past 15 years, password managers have grown from a niche security tool used by the technology savvy into an indispensable security tool for the masses, with an estimated 94 million US adults—or roughly 36 percent of them—having adopted them. They store not only passwords for pension, financial, and email accounts, but often cryptocurrency credentials, payment card numbers, and other sensitive data.

25 recovery-based attack vectors found in major password managers.

Bitwarden, LastPass, Dashlane & 1Password affected.

Worst case: full vault compromise via crypto & recovery flaws.
https://www.technadu.com/major-cloud-password-managers-vulnerable-to-recovery-attacks-bitwarden-lastpass-and-dashlane/620369/

#PasswordManagers #Crypto #InfoSec #CloudSecurity

Popular password managers fall short of “zero-knowledge” claims

Architectural weaknesses in Bitwarden, LastPass, and Dashlane undermine zero-knowledge encryption promises and risk vault exposure.

CyberInsider

Exactly what I came here to say @joernsmock. Long strings of random characters are no harder for computers to guess than equally long strings made up of dictionary words. Especially obscure or non-English words.

Claiming they are is a sales pitch for password manager vendors, not a security fact. Current passphrase advice reflects that XKCD comic, and suggests passphrases be long, memorable, and changed as infrequently as possible.

#PasswordManagers #passphrases

Besides #ProtonPass, what other #PasswordManagers are good?

#AskFedi #AskMastodon

My solution for syncing keepass between Linux and iPhone (works with KeePassDX on Android too) using Nextcloud:

My Linux computer is running Incus, and one container is my Nextcloud server.

I have created a folder ~/nextcloud where my keepass.kdbx is located.

KeePassXC is using this file directly and since it's a local file it's always accessible.

I have mounted ~/nextcloud inside the Incus Nextcloud container as /data.

In Nextcloud I have mounted /data as a folder for my Nextcloud user.

In KeePassium on iPhone I have set it up to use WebDAV to my Nextcloud server and then chosen the keepass.kdbx file.

(This way I can also easily share any file between Linux and iPhone.)
(I know there are other ways to do this, but since I want to always have access to keepass.kdbx on Linux even if Nextcloud is not running, this solution best fits my needs.)

#KeePass #KeePassXC #KeePassDX #KeePassium #Incus #Nextcloud #Linux #iPhone #Android #WebDAV #PasswordManager #PasswordManagers #Passwords

2FA only works if the factors are separate.

If your password manager holds both your passwords AND your 2FA seeds/backup codes, your "second factor" is not really separate anymore.

What I changed (and a checklist):
https://marcelbootsman.nl/two-factor-authentication-only-works-if-the-factors-are-separate/

#2FA #Security #PasswordManagers

Unlike some password managers that overwhelm users with features, Proton Pass keeps things straightforward, making it easy to manage your passwords without a steep learning curve.

Read more 👉 https://lttr.ai/AnH5M

#Free #Cybersecurity #PasswordManagers

I’ve published a new article looking at how hardware security keys work with Proton Pass, including YubiKey support.

It covers:
• what security keys actually protect against
• how they fit into Proton Pass
• when they’re worth using (and when they’re not)

If you’re thinking about stronger account security without adding unnecessary friction, this may help.

🔗 https://paulobrien.com/proton-pass-yubikey-security-keys/

#EmailSecurity #AccountSecurity #PrivacyTools #PasswordManagers #Proton #YubiKey #DigitalSecurity #Infosec

Using YubiKey with Proton Pass for Stronger 2FA

A practical guide to using YubiKey and other security keys with Proton Pass for stronger two-factor authentication.

Paul O’Brien — The Email Guy