this post was submitted on 17 Feb 2026
254 points (89.9% liked)

Technology

81451 readers
5677 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
254
Password managers are less secure than promised (ethz.ch)
submitted 2 days ago by Beep@lemmus.org to c/technology@lemmy.world
117 comments fedilink hide all child comments
 
  • Millions of people use password managers. They make accessing online services and bank accounts easy and simplify credit card payments.
  • Many providers promise absolute security – the data is said to be so encrypted that even the providers themselves cannot access it.
  • However, researchers from ETH Zurich have shown that it is possible for hackers to view and even change passwords.
you are viewing a single comment's thread
view the rest of the comments
[–] BigBolillo@mgtowlemmy.org 0 points 2 days ago (2 children)

It's not better to use 2FA with the same password than using a password manager?

[–] EndlessNightmare@reddthat.com 4 points 1 day ago (1 children)

Don't re-use passwords. Do use 2FA.

[–] mik@sh.itjust.works 3 points 1 day ago

I'm not sure if you're asking if it is better to use the same password with 2fa, or questioning a claim that it is (which I didn't see in the article). If it's the first, no it is not better to re-use a password with 2FA.

2FA is meant to prevent someone from accessing the account if they only have your password. The problem with re-use is they can attempt that same password on other services, which may or may not support 2FA, or may have flaws in their 2FA implementation.

Also, many services will "give away" that the attacker has the right password by reacting differently if they enter the wrong password vs the right one, such as only showing the 2FA prompt if they have the right password.

Using unique passwords AND 2FA is far better, as it means an attacker must start from scratch for every service they wish to attack, and still requires compromise of your 2FA device in addition to finding out your password.