6
Password managers are less secure than promised (ethz.ch)
submitted 3 months ago by Beep@lemmus.org to c/technology@lemmy.world
49 comments fedilink hide all child comments
  • Millions of people use password managers. They make accessing online services and bank accounts easy and simplify credit card payments.
  • Many providers promise absolute security – the data is said to be so encrypted that even the providers themselves cannot access it.
  • However, researchers from ETH Zurich have shown that it is possible for hackers to view and even change passwords.
you are viewing a single comment's thread
view the rest of the comments
[-] Appoxo@lemmy.dbzer0.com 2 points 3 months ago* (last edited 3 months ago)

“We want our work to help bring about change in this industry,” says Paterson. “The providers of password managers should not make false promises to their customers about security but instead communicate more clearly and precisely what security guarantees their solutions actually offer.”  

Great.
Now which password vault was the most cooperative and clear in their security communication and which one wasnt?
The author said that they have given the providers time to fix the issues. Now highlight the ones that did it the best.... >_>

[-] olympicyes@lemmy.world 1 points 3 months ago* (last edited 3 months ago)

They did gove some advice. They said to go with a vendor that is transparent about problems and reveals the results of their third party security audits. I’m sure if you read between the lines it means they likely reviewed several vendors and chose to spend their time attacking ones that are opaque about their security stance and used outdated encryption or bad implementations of E2E encryption. So all three are likely suspect. Like if 1Password were developed similarly to LastPass wouldn’t they have spent time attacking it?

Edit: https://support.1password.com/security-assessments/

1Password are posting the results of their external pen testing now.

this post was submitted on 17 Feb 2026
6 points (75.0% liked)

Technology

85138 readers
787 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 3 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws