Password managers less secure than promised

Published: February 21, 2026 at 04:35 PM EST

Source: Hacker News

The Need for Password Managers

People who regularly use online services typically have 100–200 passwords. Remembering every single one is impractical, so password managers become essential: they let users access all their credentials with a single master password.

Cloud‑Based Password Managers

Most password managers are cloud‑based, which offers two major benefits:

  • Cross‑device access – passwords are available on phones, tablets, laptops, etc.
  • Easy sharing – users can share credentials with friends or family members.

Because these services store highly sensitive data (login details for banking, credit cards, etc.) in encrypted storage “vaults,” security is the paramount concern.

The “Zero‑Knowledge” Claim

Many providers market their products with a “zero‑knowledge encryption” promise:

“Your stored passwords are encrypted, and the provider has zero knowledge of them. Even if the server is compromised, the data remains unreadable.”

However, this claim has been challenged.

Matilda Backendal: “We have now shown that this is not the case.”

The Study

The research was conducted by:

  • Matilda Backendal
  • Matteo Scarlata
  • Kenneth Paterson
  • Giovanni Torrisi

All are members of the Applied Cryptography Group at ETH Zurich. Backendal and Torrisi are currently affiliated with the Università della Svizzera italiana in Lugano.

Complete Access to Passwords

The research team examined the security architecture of three popular password‑manager providers—Bitwarden, LastPass, and Dashlane—which together serve roughly 60 million users and hold a 23 % market share.

Attack Summary

Provider     Number of Demonstrated Attacks
Bitwarden    12
LastPass      7
Dashlane      6

Threat Model

  • Malicious‑server model – The researchers assumed that, after a breach, the password‑manager servers could behave arbitrarily and deviate from expected behavior when communicating with clients (e.g., web browsers).

Types of Attacks

  • Integrity violations targeting specific user vaults.
  • Full‑scale compromise of every vault within an organization that uses the service.

In most cases the attackers were able to:

  • Read passwords stored in the vaults.
  • Modify or delete passwords without the user’s knowledge.

How the Attacks Were Executed

The exploits relied only on ordinary interactions that users or browsers routinely perform with a password manager, such as:

  • Logging into the account.
  • Opening the vault.
  • Viewing stored passwords.
  • Synchronising data across devices.

“Due to the large amount of sensitive data they contain, password managers are likely targets for experienced hackers who are capable of penetrating the servers and launching attacks from there,” — Paterson, Professor of Computer Science, ETH Zurich.

Context

Attacks of this nature have already been observed in the wild, underscoring the importance of robust server‑side security and client‑side verification mechanisms for password‑manager services.
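To make the malicious‑server model concrete, here is an added toy example (not code from the study or from any of the providers named above) of a vault client that either trusts whatever the server returns or verifies it first. The server is simulated as a party that can modify a stored ciphertext, serve an old vault version, or hand back a record belonging to a different vault. The cipher is a stand‑in HMAC‑SHA256 counter‑mode keystream chosen so the script runs with the Python standard library only; the vault names, passwords and salt are constructed values. What it shows is that unauthenticated decryption silently yields a changed password, while a client that authenticates the ciphertext together with the vault identifier and a version number rejects all three manipulations.

```python
"""Toy vault client versus a malicious server (constructed example, stdlib only)."""
import hashlib
import hmac
import secrets


class VaultTamperedError(Exception):
    """Raised by the verifying client when a record fails authentication or freshness."""


def derive_keys(master_password, salt):
    # Iteration count kept small for the demo; production settings are far higher.
    km = hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt, 10_000, dklen=64)
    return km[:32], km[32:]  # (encryption key, MAC key)


def _keystream(enc_key, nonce, length):
    # HMAC-SHA256 in counter mode as a PRF-based stream cipher (toy stand-in for a real cipher).
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _associated_data(vault_id, version):
    # Metadata the client wants bound to the ciphertext: which vault, and how recent.
    return vault_id.encode() + b"|" + version.to_bytes(8, "big") + b"|"


def seal(keys, vault_id, version, plaintext):
    """Encrypt-then-MAC; the tag covers vault id, version, nonce and ciphertext."""
    enc_key, mac_key = keys
    nonce = secrets.token_bytes(16)
    ct = _xor(plaintext, _keystream(enc_key, nonce, len(plaintext)))
    tag = hmac.new(mac_key, _associated_data(vault_id, version) + nonce + ct, hashlib.sha256).digest()
    return {"vault_id": vault_id, "version": version, "nonce": nonce, "ct": ct, "tag": tag}


def open_unauthenticated(keys, record):
    """Weak client: decrypts whatever the server hands back, no checks at all."""
    enc_key, _ = keys
    return _xor(record["ct"], _keystream(enc_key, record["nonce"], len(record["ct"])))


def open_verified(keys, record, expected_vault_id, last_seen_version):
    """Hardened client: verifies the tag, the vault binding and freshness before decrypting."""
    enc_key, mac_key = keys
    expected = hmac.new(
        mac_key,
        _associated_data(record["vault_id"], record["version"]) + record["nonce"] + record["ct"],
        hashlib.sha256,
    ).digest()
    if not hmac.compare_digest(expected, record["tag"]):
        raise VaultTamperedError("tag mismatch: ciphertext or metadata was modified")
    if record["vault_id"] != expected_vault_id:
        raise VaultTamperedError("record belongs to a different vault")
    if record["version"] < last_seen_version:
        raise VaultTamperedError("stale record served (rollback)")
    return _xor(record["ct"], _keystream(enc_key, record["nonce"], len(record["ct"])))


def _outcome(fn):
    try:
        fn()
        return "accepted"
    except VaultTamperedError as exc:
        return f"detected: {exc}"


def run_demo():
    """Plays three malicious-server behaviours against both clients and returns the outcomes."""
    salt = b"constructed-salt"  # per-user salt; fixed here so the run is reproducible
    keys = derive_keys("correct horse battery staple", salt)
    v1 = seal(keys, "personal", 1, b"site=bank.example;user=alice;pw=oldpass")
    v2 = seal(keys, "personal", 2, b"site=bank.example;user=alice;pw=hunter2")
    shared = seal(keys, "family", 1, b"site=wifi;pw=guest")
    results = {}

    # Honest server: the current record is returned and verifies.
    results["honest"] = open_verified(keys, v2, "personal", last_seen_version=2)

    # Modification: the server flips one bit of the ciphertext. The stream cipher is
    # malleable, so the weak client reads a changed password without noticing.
    flipped = dict(v2, ct=v2["ct"][:-1] + bytes([v2["ct"][-1] ^ 0x01]))
    results["flip_unverified"] = open_unauthenticated(keys, flipped)
    results["flip_verified"] = _outcome(lambda: open_verified(keys, flipped, "personal", 2))

    # Rollback: the server serves the genuine, correctly tagged v1 after the client saw v2.
    results["rollback_unverified"] = open_unauthenticated(keys, v1)
    results["rollback_verified"] = _outcome(lambda: open_verified(keys, v1, "personal", 2))

    # Swap: the server answers a request for "personal" with the "family" record.
    results["swap_unverified"] = open_unauthenticated(keys, shared)
    results["swap_verified"] = _outcome(lambda: open_verified(keys, shared, "personal", 2))
    return results


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name:20s} {value!r}")
```

The verified client's three checks map onto the attack classes the article lists: the tag catches modification, the version check catches a server replaying an older vault, and the vault‑id binding catches a record being presented under the wrong label. Real deployments would use a standard AEAD rather than the toy keystream here, but the associated data and the freshness rule are the part that a zero‑knowledge claim depends on.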

Confusing Code

“We were surprised by the severity of the security vulnerabilities,” says Paterson. His team had already discovered similar vulnerabilities in other cloud‑based services but had assumed a significantly higher standard of security for password managers due to the critical data they store. “Since end‑to‑end encryption is still relatively new in commercial services, it seems that no one had ever examined it in detail before.”

Matteo Scarlata, a PhD student at the Applied Cryptography Group, carried out some of the attacks. While analysing how the various password managers were coded, he quickly came across a very strange code architecture. In his view, these companies are attempting to provide their customers with the most user‑friendly service possible—offering features such as password recovery or account sharing with family members.

“As a result, the code becomes more complex and confusing, and it expands the potential attack surface for hackers,” Scarlata explains. “Such attacks do not require particularly powerful computers or servers—just small programs capable of impersonating the server.”

As is standard practice in responsible disclosure, Paterson’s team contacted the providers of the affected systems before publishing their findings. The providers were given 90 days to fix the vulnerabilities.

“For the most part, the providers were cooperative and appreciative, but not all were as quick when it came to fixing the security vulnerabilities,” says Paterson.

Discussions with the developers revealed a strong hesitation toward system updates. They worry that customers could lose access to their passwords and other personal data. In addition to millions of private individuals, the customer base includes thousands of companies that entrust the providers with all of their password management. It is easy to imagine the consequences if they suddenly lost access to their data.

Many providers therefore continue to rely on cryptographic technologies from the 1990s, even though these have long been obsolete, says Scarlata.

Updating Systems with Modern Cryptography

The researchers have now made concrete suggestions for how the security of these systems could be improved.

  • Scarlata proposes updating the systems for new customers in line with the latest cryptographic standards.
  • Existing customers could then choose either:
    1. Migrate to the new, more secure system and transfer their passwords, or
    2. Stay with the old system—fully aware of its security vulnerabilities.

Recommendations for Password‑Manager Users

Paterson advises millions of daily password‑manager users to:

  1. Select a transparent password manager that openly discloses potential security vulnerabilities.
  2. Prefer solutions that undergo external audits to verify their security claims.
  3. Ensure end‑to‑end encryption is enabled by default (at a minimum).

“We want our work to help bring about change in this industry,” says Paterson. “The providers of password managers should not make false promises to their customers about security but instead communicate more clearly and precisely what security guarantees their solutions actually offer.”
