Password managers less secure than promised
Summary
ETH Zurich researchers tested three popular cloud-based password managers (Bitwarden, LastPass, Dashlane) and demonstrated multiple attacks in which a malicious or compromised server could reveal or modify a user's stored passwords. That is exactly the scenario the vendors' "zero-knowledge" marketing promises to cover (the server should never be able to learn or tamper with vault contents), so the study challenges that promise directly. The researchers call for vendors to upgrade to modern cryptography, to provide transparency through external audits, and to be able to migrate existing users to the more secure designs rather than leaving legacy vaults on old constructions. They also offer practical advice: users and organizations should demand clear, verifiable security guarantees from their password-manager provider, and providers should implement genuine end-to-end encryption by default.