New research challenges password managers' claims of zero-knowledge architecture. By reverse-engineering Bitwarden, Dashlane, and LastPass, researchers found that server-side control — whether administrative or via compromise — can enable vault theft, especially when account recovery or vault sharing features are enabled. Some
•1m read time• From schneier.com
Sort: