this post was submitted on 17 Feb 2026
260 points (89.6% liked)

Technology

81661 readers
4306 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
260
Password managers are less secure than promised (ethz.ch)
submitted 5 days ago by Beep@lemmus.org to c/technology@lemmy.world
119 comments fedilink hide all child comments
 
  • Millions of people use password managers. They make accessing online services and bank accounts easy and simplify credit card payments.
  • Many providers promise absolute security – the data is said to be so encrypted that even the providers themselves cannot access it.
  • However, researchers from ETH Zurich have shown that it is possible for hackers to view and even change passwords.
(page 2) 50 comments
sorted by: hot top controversial new old
[–] eleijeep@piefed.social 6 points 5 days ago

the paper: https://eprint.iacr.org/2026/058.pdf

[–] thoralf@discuss.familie-will.at 4 points 5 days ago

I was always (and still am) under the assumption that you are fucked anyway, if either endpoint is compromised.

Sure, you can do a lot to make it less and less comfortable to read a password. But I’m not convinced that it is possible to. Fully prevent it from happening, no matter how hard you try.

[–] HertzDentalBar@lemmy.blahaj.zone 1 points 3 days ago

I'm slowly moving over to my own manager, I'm still struggling to get it to all work properly on all my devices though.

[–] exu@feditown.com 3 points 4 days ago

Interesting paper and I agree with the researchers to consider full server compromise in scope for online password managers. Maybe I missed it, but I'd have liked a section on the response by vendors. Mistakes happen, but the response and actions taken are very important for (continued) trust in a vendor.

[–] fireshell@fedia.io 3 points 5 days ago (3 children)

Hardware TOTP Authenticator & Password Manager SecureGen

load more comments (3 replies)
load more comments
view more: ‹ prev next ›