this post was submitted on 17 Feb 2026
254 points (89.9% liked)

Technology

81451 readers
4531 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
254
Password managers are less secure than promised (ethz.ch)
submitted 2 days ago by Beep@lemmus.org to c/technology@lemmy.world
116 comments fedilink hide all child comments
 
  • Millions of people use password managers. They make accessing online services and bank accounts easy and simplify credit card payments.
  • Many providers promise absolute security – the data is said to be so encrypted that even the providers themselves cannot access it.
  • However, researchers from ETH Zurich have shown that it is possible for hackers to view and even change passwords.
you are viewing a single comment's thread
view the rest of the comments
[–] eatsnutellawivaspoon@feddit.uk 6 points 23 hours ago (3 children)

I use one of the password managers mentioned in the article, purely for the convenience of apps on all my devices, syncing and complex individual passwords. Should I be looking to move to self hosting something instead? Would my host (likely a synology Nas or raspberry pi) not then have the same risks?

[–] cevn@lemmy.world 4 points 17 hours ago (1 children)

I self host via vault warden. And I have it locked behind tailscale vpn. Aside from your server itself getting hacked, which is a risk, this is more secure than having passwords on the public internet.

[–] eatsnutellawivaspoon@feddit.uk 2 points 16 hours ago (1 children)

I host a pi hole via diet pi already, vault warden is packaged for diet pi already, project for the weekend!

[–] cevn@lemmy.world 2 points 16 hours ago (1 children)

Love the raspis, just make sure the passwords are not stored on the sd card because those fail all the time hah.

[–] eatsnutellawivaspoon@feddit.uk 1 points 16 hours ago

Good shout! Easy to mount a folder from my Nas on it though

[–] cmhe@lemmy.world 3 points 17 hours ago* (last edited 17 hours ago)

Security through layers. The flaws found here are about compromised server, so hosting your own server is a good first step. Next step is making the server only accessible via your own VPN. And of course hardening the server.

[–] iglou@programming.dev 4 points 22 hours ago (1 children)

I believe Proton Pass does not have the design flaws shown in the article. For instance, if you lose your password, you lose your data. Your data is encrypted and decrypted on your device.

[–] cmhe@lemmy.world 3 points 17 hours ago* (last edited 17 hours ago)

This is what all the listed password manager claim.

What was done here was tricking the client through the server to do things. So the fixes went into the client application.