- Millions of people use password managers. They make accessing online services and bank accounts easy and simplify credit card payments.
- Many providers promise absolute security – the data is said to be so encrypted that even the providers themselves cannot access it.
- However, researchers from ETH Zurich have shown that it is possible for hackers to view and even change passwords.
This is what Bitwarden claims to do, and yet we have a paper showing that with a compromised server there exists a vulnerability.
What they claim to do and what they do is not necessarily the same. If done properly, the server does not need to be trusted.