ETH Zurich Bombshell: Bitwarden, LastPass, and Dashlane All Show Major Security Flaws
ETH Zurich researchers successfully demonstrated twenty-five security flaws across three major cloud password managers: Bitwarden, LastPass, and Dashlane.
Opinion on digital safety is sharply split. One segment dismisses cloud managers entirely, with ThunderComplex calling them 'scams' because users cede control of their data. Others defend these services out of practical necessity, citing the need to accommodate non-technical family members, as noted by DahGangalang and MalReynolds. On the LLM front, the discussion centers on risk: markz sounds the alarm over the widespread, unvetted practice of using AI for passwords, while Ephera counters that LLMs aren't doomed, stating they require explicit tool-calling, such as calling `pwgen`, to achieve genuine randomness.
The core consensus points to extreme user caution. For maximum security, users are leaning toward decentralized, high-maintenance personal solutions like KeePassXC/Syncthing. The established vulnerability of major cloud players, combined with LLMs' predictive text bias, creates a clear mandate: users must bypass mainstream tools for genuine protection.
Key Points
Major cloud password managers are compromised.
ETH Zurich researchers found demonstrable flaws across Bitwarden, LastPass, and Dashlane.
LLMs are inherently bad for passwords.
markz expressed alarm over the public's tendency to use LLMs for unvetted password generation.
LLMs can be made secure with correct prompting.
Ephera detailed that LLMs only fail because they default to token prediction; tool-calling like `pwgen` solves the issue.
Cloud password managers represent a loss of control.
ThunderComplex labeled these services 'scams' due to giving providers total data control.
High-security users favor local, complex setups.
The general consensus favors decentralized tools like KeePassXC/Syncthing, despite their complexity.
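The tool-calling point attributed to Ephera above can be made concrete. The following is an added example, not code from the discussion or from any of the products named: it uses Python's `secrets` module as a stand-in for `pwgen`, and the JSON tool-call shape, the function names, the character set and the length limits are all assumptions made for illustration.

```python
import json
import math
import secrets
import string

# Character classes every password must cover (assumed policy, not from the page).
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, "!#$%&*+-=?@^_")
ALPHABET = "".join(CLASSES)


def generate_password(length: int = 20) -> str:
    """Draw every character from the OS CSPRNG; the model never picks one."""
    if not 12 <= length <= 128:
        raise ValueError("length must be between 12 and 128")
    while True:
        # Rejection sampling: redraw the whole string instead of patching in
        # missing classes, so accepted passwords stay uniformly distributed.
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(c in cls for c in candidate) for cls in CLASSES):
            return candidate


def entropy_bits(length: int) -> float:
    """Upper bound on entropy: log2 of the number of possible strings."""
    return length * math.log2(len(ALPHABET))


def handle_tool_call(raw: str) -> str:
    """Dispatch a model-issued tool call (hypothetical JSON shape)."""
    call = json.loads(raw)
    if call.get("name") != "generate_password":
        return json.dumps({"error": "unknown tool"})
    # The model is an untrusted caller: validate everything it supplies.
    args = call.get("arguments", {})
    if not isinstance(args, dict) or set(args) - {"length"}:
        return json.dumps({"error": "invalid arguments"})
    length = args.get("length", 20)
    if type(length) is not int:
        return json.dumps({"error": "invalid arguments"})
    try:
        password = generate_password(length)
    except ValueError as exc:
        return json.dumps({"error": str(exc)})
    return json.dumps({"password": password, "max_entropy_bits": round(entropy_bits(length), 1)})


if __name__ == "__main__":
    # Constructed sample tool call, as a model might emit it.
    print(handle_tool_call('{"name": "generate_password", "arguments": {"length": 24}}'))
```

The randomness comes entirely from the operating system's generator; the model only decides that the tool should be called and with what length.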
Source Discussions (4)
This report was synthesized from the following Lemmy discussions, ranked by community score.