- Millions of people use password managers. They make accessing online services and bank accounts easy and simplify credit card payments.
- Many providers promise absolute security – the data is said to be so encrypted that even the providers themselves cannot access it.
- However, researchers from ETH Zurich have shown that it is possible for hackers to view and even change passwords.
Assume the breach - that includes your password manager host. Especially your password manager host.
The summary is here; the linked article is a bit short on detail. https://zkae.io/
I read the summary but haven’t gotten into the details on each. It is concerning that Bitwarden has so many issues, as it’s the only one that is offered as a self hosted solution in addition to SaaS - I do think it’s unlikely for a home lab to get the kind of attention that would result in using these methods against the vault, but it’s possible. Attackers have been known to go after admins. Lastpass has had their run ins with breaches before and shouldn’t score so highly. 1Password seems to have good architecture and a responsive team.