Password managers less secure than promised
ethz.ch
Researchers from ETH Zurich have discovered serious security vulnerabilities in three popular, cloud-based password managers. During testing, they were able to view and even make changes to stored passwords.
  • Millions of people use password managers. They make accessing online services and bank accounts easy and simplify credit card payments.
  • Many providers promise absolute security – the data is said to be so encrypted that even the providers themselves cannot access it.
  • However, researchers from ETH Zurich have shown that it is possible for hackers to view and even change passwords.
  • shortwavesurfer@lemmy.zipEnglish
    1·
    4 hours ago

    PThe master copy stays on my device. If I need to give somebody access to a specific password, I just give them that password locally and they put it in their password manager for that account.

    Same thing occurs if they need to give me a password. They give me the password. I put it in my password manager and then I’m the one who updates the flash drives on the rotating basis like I mentioned above.

    • Appoxo@lemmy.dbzer0.comEnglish
      1·
      2 hours ago

      Great.
      Now your data is (potentially) exactly where you are trying to keep it out of.

      So you made it more cumbersome to yourself by keeping your data as local as possible, yet still chosing to give up the tiny sliver of additional security for the comfort of others.

      I don’t want to be annoying. But I hope you see what I am trying to convey.