6
Password managers are less secure than promised (ethz.ch)
submitted 2 months ago by Beep@lemmus.org to c/technology@lemmy.world
49 comments fedilink hide all child comments
  • Millions of people use password managers. They make accessing online services and bank accounts easy and simplify credit card payments.
  • Many providers promise absolute security – the data is said to be so encrypted that even the providers themselves cannot access it.
  • However, researchers from ETH Zurich have shown that it is possible for hackers to view and even change passwords.
you are viewing a single comment's thread
view the rest of the comments
[-] unexposedhazard@discuss.tchncs.de 0 points 2 months ago* (last edited 2 months ago)

There is no way to patch the inherent flaw that comes with delivering client software through a web browser. If the entire client is delivered as a web page from a server you dont control, then that server can modify the software however it pleases. Same applies to e2ee encrypted chat clients that run as a web page like element-web (browser based matrix client).

[-] victorz@lemmy.world 2 points 2 months ago

This feels a bit extreme though. Can you even trust anything online at that point? Do you also never leave your home carrying your wallet in case someone might rob you?

[-] unexposedhazard@discuss.tchncs.de 1 points 2 months ago* (last edited 2 months ago)

Bro i have my bank details, all my private 2FA, work 2FA, health insurance access, my families master passwords, steam access, and more in there. Its literally the most important piece of software that can exist in this day and age. No im not taking chances with that. The only thing you can do with my physical wallet if you rob me is buy something up to 20€ beyond which you need the cards pin. Everything else i can just deactivate by calling the relevant parties.

But on another note, websites have never really been resistant to MITM attacks. So you dont just have to trust the hoster but also everything in between you and them.

[-] victorz@lemmy.world 1 points 2 months ago* (last edited 2 months ago)

I assume you follow proper backup protocol it you are using offline password management.

How do you sync though? You keep one copy on your phone or something, I imagine? What apps and managers are you using?

this post was submitted on 17 Feb 2026
6 points (75.0% liked)

Technology

84255 readers
298 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws