🚨 New research from ETH Zurich has found that popular password managers' zero-knowledge encryption claims don't fully hold up if their servers are compromised. ⚠️

🔑 LastPass, Dashlane & Bitwarden were identified as being affected. This is significant because cloud password managers commonly claim that their users' data would be unaffected if they were compromised. 👾

#privacy #security #passwordmanager

https://www.theregister.com/2026/02/16/password_managers/

You probably can't trust your password manager if it's compromised: Researchers demo weaknesses affecting some of the most popular options (The Register)

✅ Dashlane & Bitwarden promptly issued fixes.

❌ LastPass did not issue a fix and stated: "our own assessment of these risks may not fully align with the severity ratings assigned by the ETH Zürich team."

💡 In 2022, LastPass experienced a breach that impacted 1.6 million users due to inadequately strong technical and security measures within their infrastructure.

The best time to switch from LastPass was yesterday; the second best is today. 🗑️

Here's what we recommend ⬇️

#lastpass #security

@privacyguides
Do you have another source for Bitwarden having fixed the issues? If I am not mistaken, I can't see where they say something explicit about Bitwarden fixing these issues in the linked article.

Security through transparency: ETH Zurich audits Bitwarden cryptography against malicious server scenarios | Bitwarden

A new in-depth security report is available, continuing the Bitwarden commitment to transparency and trusted open source security. The audit, conducted by the prestigious Applied Cryptography Group at ETH Zurich, proactively tested Bitwarden core cryptography operations against the hypothetical event of a maliciously compromised server. All issues identified in the report have been addressed by the Bitwarden team and have been included in the attached cryptography report for full transparency.

Bitwarden