{"id":10884,"date":"2026-02-24T05:03:28","date_gmt":"2026-02-24T05:03:28","guid":{"rendered":"https:\/\/serisec.com\/index.php\/2026\/02\/24\/on-the-security-of-password-managers-html\/"},"modified":"2026-02-24T05:03:28","modified_gmt":"2026-02-24T05:03:28","slug":"on-the-security-of-password-managers-html","status":"publish","type":"post","link":"https:\/\/serisec.com\/index.php\/2026\/02\/24\/on-the-security-of-password-managers-html\/","title":{"rendered":"On the Security of Password Managers"},"content":{"rendered":"\n<div>On the Security of Password Managers<\/div>\n<p> \t<BR><br \/>\n<BR><\/BR><br \/>\n    <!-- no image --><br \/>\n \t<BR><br \/>\n<BR><\/BR><\/p>\n<div>\n<p><a href=\"https:\/\/arstechnica.com\/security\/2026\/02\/password-managers-promise-that-they-cant-see-your-vaults-isnt-always-true\/\">Good article<\/a> on password managers that secretly have a backdoor.<\/p>\n<blockquote>\n<p>New research shows that these claims aren\u2019t true in all cases, particularly when account recovery is in place or password managers are set to share vaults or organize users into groups. The researchers reverse-engineered or closely analyzed Bitwarden, Dashlane, and LastPass and identified ways that someone with control over the server\u00ad\u2014either administrative or the result of a compromise\u00ad\u2014can, in fact, steal data and, in some cases, entire vaults. The researchers also devised other attacks that can weaken the encryption to the point that ciphertext can be converted to plaintext.<\/p>\n<\/blockquote>\n<p>This is where I plug my own <a href=\"https:\/\/www.pwsafe.org\/\">Password Safe<\/a>. It isn\u2019t as full-featured as the others and it doesn\u2019t use the cloud at all, but it\u2019s actual encryption with no recovery features.<\/p>\n<\/div>\n<p> \t<BR><br \/>\n <BR><\/BR><br \/>\n    Bruce Schneier<br \/>\n \t<BR><br \/>\n<BR><\/BR><br \/>\n<a href=\"https:\/\/www.schneier.com\/blog\/archives\/2026\/02\/on-the-security-of-password-managers.html\">Go to bruce schneier<\/a><br \/>\n \t<BR><br \/>\n <BR><\/BR><\/p>\n","protected":false},"excerpt":{"rendered":"<p>On the Security of Password Managers Good article on password managers that secretly have a backdoor. New research shows that these claims aren\u2019t true in all cases, particularly when account recovery is in place or password managers are set to share vaults or organize users into groups. The researchers reverse-engineered or closely analyzed Bitwarden, Dashlane, [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[646,57,2313,554,1],"tags":[87],"class_list":["post-10884","post","type-post","status-publish","format-standard","hentry","category-backdoors","category-bruce-schneier","category-password-safe","category-passwords","category-uncategorized","tag-bruce-schneier"],"_links":{"self":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/10884"}],"collection":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/comments?post=10884"}],"version-history":[{"count":0,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/10884\/revisions"}],"wp:attachment":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/media?parent=10884"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/categories?post=10884"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/tags?post=10884"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}