Password managers are less secure than promised

Comments

• Kushan@lemmy.world ⁨2⁩ ⁨weeks⁩ ago

  From the paper itself:

  We had a video-conference and numerous email exchanges with Bitwarden. At the time of writing, they are well advanced in deploying mitigations for our attacks: BW01, BW03, BW11, BW12 were addressed, the minimum KDF iteration count for BW07 is now 5000, and their roadmap includes completely removing CBC-only encryption, enforcing per-item keys and changing the vault format for integrity. On 22.12.25 they shared with us a draft for a signed organisation membership scheme, which would resolve BW08 and BW09. At our request, to maintain anonymity, they have not yet credited us publicly for the disclosure, but plan to do so.

  I didn’t look at the response to other Password managers, but the gist here is that the article is overblowing the paper by quite a bit and the majority of the “issues” discovered are either already fixed, or active design decisions.

  source

  • 1984@lemmy.today ⁨2⁩ ⁨weeks⁩ ago

    I was also just looking for bitwarden information. Its just the best password manager and has never failed to do its job.

    source

    • ftbd@feddit.org ⁨2⁩ ⁨weeks⁩ ago

      They advertise that passwords are only stored on the server in encrypted form, meaning they couldn’t read them even if they wanted to (or were forced to by a government agency) and you don’t have to trust them not to. This paper shows that several vulnerabilities exist in the protocol which could be exploited by malicious code running on the server (injected by hackers or a government agency), which would then allow an attacker to obtain cleartext-passwords. So you do, in fact, have to trust the servers integrity.

      source

      • -> View More Comments
  • Uebercomplicated@lemmy.ml ⁨2⁩ ⁨weeks⁩ ago

    The beauty of open source

    source
  • WhyJiffie@sh.itjust.works ⁨2⁩ ⁨weeks⁩ ago

    but the gist here is that the article is overblowing the paper by quite a bit and the majority of the “issues” discovered are either already fixed, or active design decisions.

    “fixed”

    lemmy.ml/comment/24008121

    source

    • Appoxo@lemmy.dbzer0.com ⁨2⁩ ⁨weeks⁩ ago

      Or you can change the encryption to argon2 in the settings with salted hashes.
      Granted it’s probably not per item but at least something.

      source
• felbane@lemmy.world ⁨2⁩ ⁨weeks⁩ ago

  tl;dr:

  1. If the password manager server is hacked and compromised, then syncing your passwords with the compromised server will lead to compromised passwords (duh)
  2. None of the providers tested have (or have had in the past) compromised servers.

  and an observation or two:

  • Vaultwarden is free, self-hostable, and doesn’t rely on trust in a third party.
  • Keepass (and its client variants, like KeepassXC which is pretty great) is even more secure because there is no server, just an encrypted file you can store anywhere.

  source

  • orclev@lemmy.world ⁨2⁩ ⁨weeks⁩ ago

    Keepass (and its client variants, like KeepassXC which is pretty great) is even more secure because there is no server, just an encrypted file you can store anywhere.

    And simultaneously less secure because it’s up to you to handle keeping your vault synced between various devices and most people are significantly worse at keeping systems secure than the professionals at the password managers.

    Self hosting a server of some kind or using something like Keepass on a single device (with offline backups) is the most secure option, but as usual with security doing so trades significant convenience for security. For most people who are interested in making sure their servers are kept up to date week to week letting professionals handle it is the better option.

    source

    • felbane@lemmy.world ⁨2⁩ ⁨weeks⁩ ago

      Sure, but at the end of the day even if you don’t update your vaultwarden server or you rely on an insecure storage sync system like dropbox, your actual vault is encrypted with a key that only you know. Even if your server is hacked or the kdbx is leaked, your passwords are safe until someone breaks AES.

      Contrast that with hosted services, who could very easily attach their own keys to your encryption key (whether now or in the future at the behest of the state) and you’d be none the wiser. E2EE doesn’t matter much when the other end is controlled by someone else.

      I’m not disagreeing that most people just want something to work without thinking about, and for that reason I’m glad that services like bitwarden and lastpass and protonpass exist. My intent was not FUD, just shining a light on the fact that keeping your passwords secure does not require trusting a company.

      source

      • -> View More Comments
    • shortwavesurfer@lemmy.zip ⁨2⁩ ⁨weeks⁩ ago

      I store my keypass database on several flash drives in different physical locations and update them several times per year to make sure that even if I do lose the copy I have, the versions on the flash drives, not at my physical location, are decently up to date, and so if I do lose any of the password data, it will be only for a couple of months worth if that.

      If I add things that are extremely important, such as a new mortgage provider, or some sort of financial data into my keypass database, then I do an unscheduled immediate update to all of my flash drives in different physical locations to make sure that they all have that, but if it’s just a social media account, and I was to lose access to it, and not have the password for it, then… I wouldn’t be too upset about it.

      In the absolute worst possible case, I stand to lose 3 months worth of data. It’s not often that I have to tweak stuff in my password manager, so that would be very few changes.

      source

      • -> View More Comments
    • FauxLiving@lemmy.world ⁨2⁩ ⁨weeks⁩ ago

      And simultaneously less secure because it’s up to you to handle keeping your vault synced between various devices and most people are significantly worse at keeping systems secure than the professionals at the password managers.

      It is not less secure.

      If the Bitwarden servers are compromised (either by hacking or by being forced to by the government of the country where they are hosted) then code could be run which would allow the attacker to receive your plaintext password and that is used to decrypt your data.

      If a user is so horrible at syncing that they accidentally synced their database file to a public Twitter post, it is still protected by AES-256 which can’t be broken by a simple subpoena.

      In either case, syncthing is pretty simple to use and is the common recommendation for the kind of small personal file sync that you need here. It also adds an additional security layer, on top of the unbreakable AES-256 encryption, to the whole setup.

      source
  • iglou@programming.dev ⁨2⁩ ⁨weeks⁩ ago

    If the password manager server is hacked and compromised, then syncing your passwords with the compromised server will lead to compromised passwords (duh)

    No, not “duh”. The right way to do this is client-side encryption/decryption. The server then does not at any moment know anything about your passwords.

    source

    • felbane@lemmy.world ⁨2⁩ ⁨weeks⁩ ago

      This is what Bitwarden claims to do, and yet we have a paper showing that with a compromised server there exists a vulnerability.

      source

      • -> View More Comments
  • patatahooligan@lemmy.world ⁨2⁩ ⁨weeks⁩ ago

    If the password manager server is hacked and compromised, then syncing your passwords with the compromised server will lead to compromised passwords (duh)

    What do you mean “duh”? The password managers claim that the exact opposite is true.

    Most service providers therefore promote their products with the promise of “zero-knowledge encryption”. This means they assure users that their stored passwords are encrypted and even the providers themselves have “zero knowledge” of them and no access to what has been stored. “The promise is that even if someone is able to access the server, this does not pose a security risk to customers because the data is encrypted and therefore unreadable. We have now shown that this is not the case”, explains Matilda Backendal.

    This would be true for a properly implemented end-to-end encryption scheme.

    source

    • felbane@lemmy.world ⁨2⁩ ⁨weeks⁩ ago

      “Properly implemented” is doing the heavy lifting in that sentence.

      source
  • ChairmanMeow@programming.dev ⁨2⁩ ⁨weeks⁩ ago

    These attacks can happen through server impersonation as well. The actual cloud servers need not be compromised, just the user’s browser has to be. This attack can then leak passwords and allow malicious parties to even gain access on the actual cloud servers apparently.

    source
  • HereIAm@lemmy.world ⁨2⁩ ⁨weeks⁩ ago

    How would I know if my own server isn’t compromised? Any of the online password managers have a hell of better chance spotting intrusion than I do.

    source
• unexposedhazard@discuss.tchncs.de ⁨2⁩ ⁨weeks⁩ ago

  OMFG can people please fucking go away with this stupid “password managers are worthless” bullshit today. They are exactly as secure as promised, unless you went to the obviously shady ones that use web interfaces. People have been saying this for years, if you want security, keep your password manager offline.

  source

  • victorz@lemmy.world ⁨2⁩ ⁨weeks⁩ ago

    So by that logic BitWarden is unsafe?

    source

    • unexposedhazard@discuss.tchncs.de ⁨2⁩ ⁨weeks⁩ ago

      Yes, if you arent self hosting the web interface or using the desktop client.

      source

      • -> View More Comments
    • WhyJiffie@sh.itjust.works ⁨2⁩ ⁨weeks⁩ ago

      according to recent findings, it is.

      source

      • -> View More Comments
• CardboardVictim@piefed.social ⁨2⁩ ⁨weeks⁩ ago

  For people interested there were 3 cloud based password managers tested and this is what they found

  The researchers demonstrated 12 attacks on Bitwarden, 7 on LastPass and 6 on Dashlane.

  source

  • sexy_peach@feddit.org ⁨2⁩ ⁨weeks⁩ ago

    Is there a reason why these attacks were on cloud based pw managers?

    source

    • _edge@discuss.tchncs.de ⁨2⁩ ⁨weeks⁩ ago

      The method, they use, requires a client-server architecture. Hence, they cannot attack a local keepass file even if you sync it to some cloud.

      source
    • CardboardVictim@piefed.social ⁨2⁩ ⁨weeks⁩ ago

      From what I scanned, there was no reason given on why they only attacked cloud based providers.

      My guess is that these are paid ones and thus have a ‘market share’, easier to attack etc.

      If you attack a ‘keepass’ password the attack vector is more crypto / memory based as far as my limited knowledge goes and not some funky inbetween attack.

      Also, if you attack a cloud base provides, you will most likely have multiple victims per breach / exploit, whilst offline are targeted and thus not so interesting in most cases unless we’re talking about a person of interest

      source

      • -> View More Comments
    • londos@lemmy.world ⁨2⁩ ⁨weeks⁩ ago

      That’s where most of the passwords are

      source
  • artyom@piefed.social ⁨2⁩ ⁨weeks⁩ ago

    Yes but unfortunately nothing specific about the strength of any particular option.

    source
  • Appoxo@lemmy.dbzer0.com ⁨2⁩ ⁨weeks⁩ ago

    What I am wondering myself: Do the different amount of attacks mean the attack surface was greater or had more vulnerabilities or what made them only do 6 on Dashlane vs 12 on Bitwarden?

    source
  • stephen01king@piefed.zip ⁨2⁩ ⁨weeks⁩ ago

    Unfortunately they don’t explain what the attacks were in the article. Gonna need to find the paper to know.

    source
• hal_5700X@sh.itjust.works ⁨2⁩ ⁨weeks⁩ ago

  Use a offline password manager. Problem solved.

  source

  • Evotech@lemmy.world ⁨2⁩ ⁨weeks⁩ ago

    Solves the security issue. Destroys the accessibility part

    source

    • Eezyville@sh.itjust.works ⁨2⁩ ⁨weeks⁩ ago

      I just sync it using my Nextcloud instance. No issues.

      source
    • sztosz@lemmy.dbzer0.com ⁨2⁩ ⁨weeks⁩ ago

      I use an offline password manager, and sync an encrypted database with nextcloud. It’s convenient enough, and secure enough for me. Easy to sync between my phone, desktop, and laptop. And I only need to remember two passwords, the nextcloud one, and the manager one. I don’t think you can have it more secure and convenient all the same, at least not with current tech.

      source
    • GentlePulpy@lemmy.dbzer0.com ⁨2⁩ ⁨weeks⁩ ago

      Just use Syncthing with your trusted host

      source
    • Zetta@mander.xyz ⁨2⁩ ⁨weeks⁩ ago

      Bitwarden with a vaultwarden docker container on my home server. Access over a VPS.

      source
  • RemADeus@thelemmy.club ⁨2⁩ ⁨weeks⁩ ago

    Many will argue that they need the convenience of an online password manager not knowing that what you stated is the safest form

    source
• Sir_Kevin@lemmy.dbzer0.com ⁨2⁩ ⁨weeks⁩ ago

  I pitty the fool that stores anything important on the cloud somebody elses computer.

  source
• irate944@piefed.social ⁨2⁩ ⁨weeks⁩ ago

  Copy pasting a comment that I saw on Reddit

  ——

  Link to the original study (with a less sensationalized title):

  https://zkae.io

  A few important notes:

  • the study is about Bitwarden, LastPass, Dashlane and 1Password. Proton Pass isn’t mentioned.

  • the study presumes that they’re working with a malicious server (read this as compromised server, controlled by an attacker). The attacks they talk about in the article would not work on a normal server. Here’s their quote:

  No need to panic: all of our attacks presume a malicious server. We have no reason to believe that the password manager vendors are currently malicious or compromised, and as long as things stay that way, your passwords are safe. That said, password managers are high-value targets, and breaches do happen.

  • Here’s another quote, about other password managers:

  You can ask your provider the following questions:

  1. ⁠Do you offer end-to-end encryption? What security do you provide in case your server infrastructure were to be compromised?

  2. How do you check that public keys and public-key ciphertexts are authentic?

  3. How do you authenticate security-critical settings, such as the KDF type and the iteration count?

  4. Do you provide integrity guarantees for a user’s vault as a whole? Can a malicious server add items to your vault?

  You can also ask your favourite password manager to commission an audit checking for our attacks in their products.

  • If you still feel unsure/unsafe, then adopt an offline password manager (I highly recommend keepassXC).

  source

  • CardboardVictim@piefed.social ⁨2⁩ ⁨weeks⁩ ago

    I too recommend KeepassXC, works even on android with KeepassDX. I use syncthing to sync between devices (work, personal and android)

    source

    • artyom@piefed.social ⁨2⁩ ⁨weeks⁩ ago

      Is your data in KeePass encrypted?

      source

      • -> View More Comments
    • folekaule@lemmy.world ⁨2⁩ ⁨weeks⁩ ago

      I also use KeepassXC, and it’s great. I’m interested in setting up Syncthing between my Android, Linux desktop, and NAS. Do you have any tips or articles/resources that you used to set it up?

      source

      • -> View More Comments
  • scala@lemmy.ml ⁨2⁩ ⁨weeks⁩ ago

    Wish they did an assessment on Proton pass. I just started using all proton services and wanted to know how that holds up. My company uses Bitwarden 🙃

    source
  • Uebercomplicated@lemmy.ml ⁨2⁩ ⁨weeks⁩ ago

    Does anyone still talk about Keeper password manager? I feel like I used to hear about that one a lot, and now it has just disappeared off of the face of the earth.

    source
• myfunnyaccountname@lemmy.zip ⁨2⁩ ⁨weeks⁩ ago

  With pretty much every major company being hacked at some point, credit card companies being hacked, everyone selling our details and data, doge and palantir. Feels like post it notes under the keyboard isn’t that bad of an idea.

  source

  • SocialMediaRefugee@lemmy.world ⁨2⁩ ⁨weeks⁩ ago

    If someone breaks into my house to read them I have big problems already.

    source

    • myfunnyaccountname@lemmy.zip ⁨2⁩ ⁨weeks⁩ ago

      You have no idea how many times I’ve made that exact statement.

      source

      • -> View More Comments
  • 1995ToyotaCorolla@lemmy.world ⁨2⁩ ⁨weeks⁩ ago

    Post its have their problems but at least they can’t be read half a globe away

    source
• aetherius@lemmy.ml ⁨2⁩ ⁨weeks⁩ ago

  Bitwarden have published a blog on this audit:

  Security through transparency: ETH Zurich audits Bitwarden cryptography against malicious server scenarios

  source
• SparroHawc@lemmy.zip ⁨2⁩ ⁨weeks⁩ ago

  Don’t store your stuff in the cloud unless you don’t mind someone else accessing it.

  If you store things in the cloud that you don’t want other people to access, you better be encrypting it yourself and only opening it locally.

  This has been a cardinal rule since day 1.

  source

  • echodot@feddit.uk ⁨2⁩ ⁨weeks⁩ ago

    I don’t want people to access my files but I wouldn’t really care if they did. I don’t understand people who keep things like compromising photos of themselves online, who’s benefit is that for, and why do you need quick access to your nudies?

    source

    • SparroHawc@lemmy.zip ⁨2⁩ ⁨weeks⁩ ago

      If it’s something that you don’t really care about others seeing, that’s a prime candidate for cloud storage and more power to you.

      This topic is about password lockers. I’m pretty sure you don’t want some schlub who happens to work at Cloud Password Lockers Inc. to be able to get at your PayPal account.

      source
• kepix@lemmy.world ⁨2⁩ ⁨weeks⁩ ago

  i really wasnt expecting a password manager related tech fearmongering on lemmy today

  source
• scarabic@lemmy.world ⁨2⁩ ⁨weeks⁩ ago

  Many providers promise absolute security

  This struck me as wrong, because that would be a technically impossible and liability-inviting thing to promise.

  And after checking the homepages of the 3 services they tested, yep, none of them promise “absolute security.”

  source
• Appoxo@lemmy.dbzer0.com ⁨2⁩ ⁨weeks⁩ ago

  “We want our work to help bring about change in this industry,” says Paterson. “The providers of password managers should not make false promises to their customers about security but instead communicate more clearly and precisely what security guarantees their solutions actually offer.”  

  Great.
  Now which password vault was the most cooperative and clear in their security communication and which one wasnt?
  The author that they have given the providers time to fix. Now highlight the ones that did it the best… >_>

  source

  • olympicyes@lemmy.world ⁨2⁩ ⁨weeks⁩ ago

    They did gove some advice. They said to go with a vendor that is transparent about problems and reveals the results of their third party security audits. I’m sure if you read between the lines it means they likely reviewed several vendors and chose to spend their time attacking ones that are opaque about their security stance and used outdated encryption or bad implementations of E2E encryption. So all three are likely suspect. Like if 1Password were developed similarly to LastPass wouldn’t they have spent time attacking it?

    source

    • jjlinux@lemmy.zip ⁨2⁩ ⁨weeks⁩ ago

      About 1password publishing their pentesting results. Why put it behind a ‘give me your email address’ wall?

      Image

      That alone is enough for me to instantly disregard them as an option.

      source
    • Appoxo@lemmy.dbzer0.com ⁨2⁩ ⁨weeks⁩ ago

      Bitwarden did so too.

      But IMO your assumption is a bit of interpreting bad/malicious faith into it.
      I see it more like they are the more publicly known brands/services that do this and underwent the audit.
      I have read the TLDR by the authors (linked a few times in the comments) and the answer by bitwarden.
      Bitwarden said the, fixed the issue, are in the progress of doing it or are accepting it as “this is intended/a trade-off”.
      What is a bit sad is that they had more vulnerabilities than other vendors. But I trust them more as they are mostly OSS.

      source
• OnfireNFS@lemmy.world ⁨2⁩ ⁨weeks⁩ ago

  Would having a synced Keepass database with a composite key protect against this?

  When I made my database I created a composite key file that never goes online. I locally copy it to any device that needs to access the database. The idea was even if the password got compromised you can’t access the database without the key file

  source

  • nroth@lemmy.world ⁨2⁩ ⁨weeks⁩ ago

    What if you have a house fire and lose all devices with the key

    source

    • echodot@feddit.uk ⁨2⁩ ⁨weeks⁩ ago

      What if there’s a nuclear war end the house gets vaporized?

      To protect against this scenario I have this small portable computer that I keep in my pocket. They’re quite popular these days.

      source
• eleijeep@piefed.social ⁨2⁩ ⁨weeks⁩ ago

  the paper: https://eprint.iacr.org/2026/058.pdf

  source
• eatsnutellawivaspoon@feddit.uk ⁨2⁩ ⁨weeks⁩ ago

  I use one of the password managers mentioned in the article, purely for the convenience of apps on all my devices, syncing and complex individual passwords. Should I be looking to move to self hosting something instead? Would my host (likely a synology Nas or raspberry pi) not then have the same risks?

  source

  • cevn@lemmy.world ⁨2⁩ ⁨weeks⁩ ago

    I self host via vault warden. And I have it locked behind tailscale vpn. Aside from your server itself getting hacked, which is a risk, this is more secure than having passwords on the public internet.

    source

    • eatsnutellawivaspoon@feddit.uk ⁨2⁩ ⁨weeks⁩ ago

      I host a pi hole via diet pi already, vault warden is packaged for diet pi already, project for the weekend!

      source

      • -> View More Comments
  • iglou@programming.dev ⁨2⁩ ⁨weeks⁩ ago

    I believe Proton Pass does not have the design flaws shown in the article. For instance, if you lose your password, you lose your data. Your data is encrypted and decrypted on your device.

    source

    • cmhe@lemmy.world ⁨2⁩ ⁨weeks⁩ ago

      This is what all the listed password manager claim.

      source
  • cmhe@lemmy.world ⁨2⁩ ⁨weeks⁩ ago

    Security through layers. The flaws are about compromised server, so hosting your own server is a good first step. Next step is making the server only accessible via your own VPN. And of course hardening the server.

    source
• Etterra@discuss.online ⁨2⁩ ⁨weeks⁩ ago

  That’s why mine is a physical book.

  source

  • bitflip@lemmy.dbzer0.com ⁨2⁩ ⁨weeks⁩ ago

    Really depends on your threat model whether this is a good idea. If cops raiding your home is part of it, a physical book might not be your best bet.

    source

    • echodot@feddit.uk ⁨2⁩ ⁨weeks⁩ ago

      If you’re at the point where that’s a possibility that you need to defend against then you probably already have better security than using a password manager.

      source
    • Etterra@discuss.online ⁨2⁩ ⁨weeks⁩ ago

      That’s very true.

      source
• thoralf@discuss.familie-will.at ⁨2⁩ ⁨weeks⁩ ago

  I was always (and still am) under the assumption that you are fucked anyway, if either endpoint is compromised.

  Sure, you can do a lot to make it less and less comfortable to read a password. But I’m not convinced that it is possible to. Fully prevent it from happening, no matter how hard you try.

  source
• CompactFlax@discuss.tchncs.de ⁨2⁩ ⁨weeks⁩ ago

  Assume the breach - that includes your password manager host. Especially your password manager host.

  source
• Kazel@lemmy.dbzer0.com ⁨2⁩ ⁨weeks⁩ ago

  Everyone using online password manager services deserves everything he gets

  source

  • helpImTrappedOnline@lemmy.world ⁨2⁩ ⁨weeks⁩ ago

    Yes, let’s blame the victim and not the data hording mega corps that advertise their crap to collect more data, make big promises, hide the better options, and actively undermine open source in every way they can.

    I’m pretty sure the average person hears “open source” and think “oh that’s insecure apps by hackers, I need to only use software from trusted sources”. It’s still a good idea, but unfortunately the trusted sources of 2002 have betrayed us.

    source

    • Kazel@lemmy.dbzer0.com ⁨2⁩ ⁨weeks⁩ ago

      wahtever i use keepass

      source
• exu@feditown.com ⁨2⁩ ⁨weeks⁩ ago

  Interesting paper and I agree with the researchers to consider full server compromise in scope for online password managers. Maybe I missed it, but I’d have liked a section on the response by vendors. Mistakes happen, but the response and actions taken are very important for (continued) trust in a vendor.

  source
• HubertManne@piefed.social ⁨2⁩ ⁨weeks⁩ ago

  I use local for important stuff (financial) and online ones for things that are not to important.

  source
• MonkderVierte@lemmy.zip ⁨2⁩ ⁨weeks⁩ ago

  My password manager: a flat list and a little 3-liner gpg script.

  source
• HertzDentalBar@lemmy.blahaj.zone ⁨2⁩ ⁨weeks⁩ ago

  I’m slowly moving over to my own manager, I’m still struggling to get it to all work properly on all my devices though.

  source