this post was submitted on 17 Feb 2026
193 points (89.4% liked)

Technology

81451 readers
4543 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
193
Password managers are less secure than promised (ethz.ch)
submitted 1 day ago by Beep@lemmus.org to c/technology@lemmy.world
104 comments fedilink hide all child comments
 
  • Millions of people use password managers. They make accessing online services and bank accounts easy and simplify credit card payments.
  • Many providers promise absolute security – the data is said to be so encrypted that even the providers themselves cannot access it.
  • However, researchers from ETH Zurich have shown that it is possible for hackers to view and even change passwords.
you are viewing a single comment's thread
view the rest of the comments
[–] victorz@lemmy.world 2 points 21 hours ago* (last edited 21 hours ago) (1 children)

I assume you follow proper backup protocol it you are using offline password management.

How do you sync though? You keep one copy on your phone or something, I imagine? What apps and managers are you using?

[–] unexposedhazard@discuss.tchncs.de 1 points 15 hours ago (1 children)

KeepassXC is the goat :)

The database file is encrypted so its fine to sync it however you like. I use syncthing for it. Obviously set a very good password on it if you sync it through unsecure channels.

[–] victorz@lemmy.world 0 points 11 hours ago (1 children)

I had a look at this, and the only thing that intrigued be about KeePass was the ChaCha20 encryption which seems modern and nice.

I usually use rbw which doesn't use a web page to interact with BitWarden. It stores a local copy of the database, so the only time it contacts the servers is when adding new info or syncing or otherwise changing stuff.

I'll look more into KeePassXC and KeePassDX for mobile. Might be interesting, but the annoying part would be the syncing. You'd have to pay close attention to where you add new entries, and not add entries on separate devices if you want them synced to all devices. Or does that work somehow with KeePassXC?

[–] unexposedhazard@discuss.tchncs.de 1 points 11 hours ago* (last edited 11 hours ago)

Just set it up so that the resulting .kdbx database file is always instantly synced between your devices whenever you make changes. Everything is in that file and all keepass versions can open it. I use syncthing for this because it doesnt require a server, but you can use nextcloud or whatever you have available. With syncthing it always just keeps the most recently modified version.