
Over the past 15 years, password managers have grown from a niche tool used by tech nerds to an indispensable security tool for the masses, with an estimated 94 million American adults – or about 36 percent of them – adopting them. They store not only passwords for pension, financial and email accounts, but also cryptocurrency credentials, payment card numbers and other sensitive data.
All eight of the top password managers have adopted the term “zero knowledge” to describe the complex encryption systems they use to protect the data vaults that users store on their servers. Definitions vary slightly from vendor to vendor, but generally they boil down to one bold assurance: There is no way for malicious insiders, or for hackers who manage to compromise the cloud infrastructure, to steal the vaults or the data stored in them. These promises make sense, given LastPass’s past breaches and the reasonable expectation that state-level hackers have both the motive and the ability to obtain password vaults belonging to high-value targets.
A bold assurance rejected
Among these, specific claims have been made by Bitwarden, Dashlane, and LastPass, which are used by approximately 60 million people. For example, Bitwarden says that “Even the Bitwarden team can’t read your data (even if we wanted to).” Meanwhile, Dashlane says that without a user’s master password, “malicious actors cannot steal information, even if Dashlane’s servers are compromised.” LastPass says that “No one can access the data stored in your LastPass Vault except you (not even LastPass).”
New research shows that these claims are not true in all cases, especially when account recovery is underway or password managers are set to share the vault or organize users into groups. Researchers reverse-engineered or closely analyzed Bitwarden, Dashlane, and LastPass and identified ways in which those who have control over the servers – either administratively or as a result of compromise – can actually steal data and, in some cases, entire vaults. Researchers also devised other attacks that could weaken the encryption to such an extent that the ciphertext could be converted to plaintext.