this post was submitted on 17 Feb 2026
207 points (89.4% liked)

Technology

81451 readers
4153 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
207
Password managers are less secure than promised (ethz.ch)
submitted 1 day ago by Beep@lemmus.org to c/technology@lemmy.world
113 comments fedilink hide all child comments
 
  • Millions of people use password managers. They make accessing online services and bank accounts easy and simplify credit card payments.
  • Many providers promise absolute security – the data is said to be so encrypted that even the providers themselves cannot access it.
  • However, researchers from ETH Zurich have shown that it is possible for hackers to view and even change passwords.
you are viewing a single comment's thread
view the rest of the comments
[–] iglou@programming.dev 3 points 19 hours ago (1 children)

If the password manager server is hacked and compromised, then syncing your passwords with the compromised server will lead to compromised passwords (duh)

No, not "duh". The right way to do this is client-side encryption/decryption. The server then does not at any moment know anything about your passwords.

[–] felbane@lemmy.world 1 points 10 hours ago (1 children)

This is what Bitwarden claims to do, and yet we have a paper showing that with a compromised server there exists a vulnerability.

[–] iglou@programming.dev 2 points 10 hours ago

What they claim to do and what they do is not necessarily the same. If done properly, the server does not need to be trusted.