
"All eight of the top password managers have adopted the term "zero knowledge" to describe the complex encryption system they use to protect the data vaults that users store on their servers. The definitions vary slightly from vendor to vendor, but they generally boil down to one bold assurance: that there is no way for malicious insiders or hackers who manage to compromise the cloud infrastructure to steal vaults or data stored in them."
"Typical of these claims are those made by Bitwarden, Dashlane, and LastPass, which together are used by roughly 60 million people. Bitwarden, for example, says that "not even the team at Bitwarden can read your data (even if we wanted to)." Dashlane, meanwhile, says that without a user's master password, "malicious actors can't steal the information, even if Dashlane's servers are compromised." LastPass says that no one can access the "data stored in your LastPass vault, except you (not even LastPass).""
"Over the past 15 years, password managers have grown from a niche security tool used by the technology savvy into an indispensable security tool for the masses, with an estimated 94 million US adults-or roughly 36 percent of them-having adopted them. They store not only passwords for pension, financial, and email accounts, but often cryptocurrency credentials, payment card numbers, and other sensitive data."
Password managers have become widely adopted, holding passwords and sensitive financial, email, and cryptocurrency credentials for millions of users. Major providers label their server-side encryption as "zero knowledge", assuring that neither insiders nor attackers who compromise cloud infrastructure can read user vaults. Those assurances can fail when account recovery, vault sharing, or group organization features are enabled, creating attack paths that allow exposure of encrypted vault contents after a server compromise. High-profile breaches and the potential for state-level attackers increase the risk to users who rely on default or convenient account recovery and sharing settings.
Read at Ars Technica