Yes but unfortunately nothing specific about the strength of any particular option.
Comment on Password managers are less secure than promised
CardboardVictim@piefed.social 10 hours ago
For people interested there were 3 cloud based password managers tested and this is what they found
The researchers demonstrated 12 attacks on Bitwarden, 7 on LastPass and 6 on Dashlane.
artyom@piefed.social 9 hours ago
stephen01king@piefed.zip 8 hours ago
Unfortunately they don’t explain what the attacks were in the article. Gonna need to find the paper to know.
sexy_peach@feddit.org 10 hours ago
Is there a reason why these attacks were on cloud based pw managers?
_edge@discuss.tchncs.de 9 hours ago
The method, they use, requires a client-server architecture. Hence, they cannot attack a local keepass file even if you sync it to some cloud.
CardboardVictim@piefed.social 10 hours ago
From what I scanned, there was no reason given on why they only attacked cloud based providers.
My guess is that these are paid ones and thus have a ‘market share’, easier to attack etc.
If you attack a ‘keepass’ password the attack vector is more crypto / memory based as far as my limited knowledge goes and not some funky inbetween attack.
Also, if you attack a cloud base provides, you will most likely have multiple victims per breach / exploit, whilst offline are targeted and thus not so interesting in most cases unless we’re talking about a person of interest
U7826391786239@lemmy.zip 10 hours ago
they ran the test on those pw managers because they were open source. that allowed the testers to implement a “dummy” provider on their own “compromised server.” so the results of failing the tests are based on the hypothetical situation of “what if bitwarden (or whoever) had an entire server taken over by hackers”. while the possibility of that happening are greater than zero, it would take a lot for someone to completely hijack a server like that
sexy_peach@feddit.org 9 hours ago
Oh okay so they probably delivered malicious code to the user entering their passwords… Well even an offline pw manager can be compromised in the code.
londos@lemmy.world 6 hours ago
That’s where most of the passwords are