Password managers less secure than promised
ethz.ch
Researchers from ETH Zurich have discovered serious security vulnerabilities in three popular, cloud-based password managers. During testing, they were able to view and even make changes to stored passwords.
  • Millions of people use password managers. They make accessing online services and bank accounts easy and simplify credit card payments.
  • Many providers promise absolute security – the data is said to be so encrypted that even the providers themselves cannot access it.
  • However, researchers from ETH Zurich have shown that it is possible for hackers to view and even change passwords.
  • iglou@programming.devEnglish
    11·
    2 hours ago

    If the password manager server is hacked and compromised, then syncing your passwords with the compromised server will lead to compromised passwords (duh)

    No, not “duh”. The right way to do this is client-side encryption/decryption. The server then does not at any moment know anything about your passwords.