Password managers less secure than promised
ethz.ch
Researchers from ETH Zurich have discovered serious security vulnerabilities in three popular, cloud-based password managers. During testing, they were able to view and even make changes to stored passwords.
  • Millions of people use password managers. They make accessing online services and bank accounts easy and simplify credit card payments.
  • Many providers promise absolute security – the data is said to be so encrypted that even the providers themselves cannot access it.
  • However, researchers from ETH Zurich have shown that it is possible for hackers to view and even change passwords.
  • OnfireNFS@lemmy.worldEnglish
    8·
    13 hours ago

    Would having a synced Keepass database with a composite key protect against this?

    When I made my database I created a composite key file that never goes online. I locally copy it to any device that needs to access the database. The idea was even if the password got compromised you can’t access the database without the key file

    • nroth@lemmy.worldEnglish
      41·
      9 hours ago

      What if you have a house fire and lose all devices with the key

      • Echo Dot@feddit.ukEnglish
        2·
        5 hours ago

        What if there’s a nuclear war end the house gets vaporized?

        To protect against this scenario I have this small portable computer that I keep in my pocket. They’re quite popular these days.