this post was submitted on 17 Feb 2026
214 points (89.1% liked)

Technology

81373 readers
4883 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
214
Password managers are less secure than promised (ethz.ch)
submitted 1 day ago by Beep@lemmus.org to c/technology@lemmy.world
99 comments fedilink hide all child comments
 
  • Millions of people use password managers. They make accessing online services and bank accounts easy and simplify credit card payments.
  • Many providers promise absolute security – the data is said to be so encrypted that even the providers themselves cannot access it.
  • However, researchers from ETH Zurich have shown that it is possible for hackers to view and even change passwords.
you are viewing a single comment's thread
view the rest of the comments
[–] U7826391786239@lemmy.zip 33 points 1 day ago* (last edited 1 day ago) (1 children)

they ran the test on those pw managers because they were open source. that allowed the testers to implement a "dummy" provider on their own "compromised server." so the results of failing the tests are based on the hypothetical situation of "what if bitwarden (or whoever) had an entire server taken over by hackers". while the chances of that happening are greater than zero, it would take a lot for someone to completely hijack a server like that

edit to add-- these tests are one of the reasons these pw managers choose to be open source: to allow 3rd party tests like this to find vulnerabilities, so they can be fixed

nothing is 100% guaranteed safe, but if you don't want to remember or write down dozens or hundreds of unique strong passwords, i still would recommend a pw manager

[–] sexy_peach@feddit.org 5 points 1 day ago

Oh okay so they probably delivered malicious code to the user entering their passwords... Well even an offline pw manager can be compromised in the code.