Your Password Manager Isn't As Secure As You Think: A Deep Dive into Vulnerabilities
Over the past 15 years, password managers have transitioned from a niche security tool for tech enthusiasts to an essential security utility for the masses. An estimated 94 million US adults – roughly 36% of the population – now rely on them. These tools store not only passwords for critical accounts like banking, email, and retirement funds, but also sensitive data such as cryptocurrency credentials, payment card numbers, and more. The widespread adoption underscores the increasing reliance on these tools for digital security, but a recent study reveals a concerning truth: your password manager might not be as secure as you believe.
The Promise of "Zero Knowledge" Encryption
All eight leading password managers prominently feature the term “zero knowledge” to describe their encryption systems. While definitions vary slightly, the core assurance is consistent: neither malicious insiders nor hackers compromising the cloud infrastructure can access your stored vaults or data. This promise is particularly relevant given past breaches, like those experienced by LastPass, and the realistic threat of sophisticated, state-level actors targeting high-value individuals. Companies like Bitwarden, Dashlane, and LastPass, collectively used by around 60 million people, all make strong claims about the impenetrability of their systems.
What Password Managers Claim
- Bitwarden: “Not even the team at Bitwarden can read your data (even if we wanted to).”
- Dashlane: “Without a user’s master password, malicious actors can’t steal the information, even if Dashlane’s servers are compromised.”
- LastPass: “No one can access the data stored in your LastPass vault, except you (not even LastPass).”
The "Zero Knowledge" Assurance Debunked: New Research Reveals Flaws
Recent research challenges these assurances, particularly when account recovery features are enabled or vault sharing/group organization is utilized. Researchers reverse-engineered and analyzed Bitwarden, Dashlane, and LastPass, identifying vulnerabilities that allow server-level access to data, and in some cases, entire vaults. They also discovered attacks that can weaken encryption, converting ciphertext into readable plaintext. These findings raise serious questions about the true security offered by these popular tools.
“The vulnerabilities that we describe are numerous but mostly not deep in a technical sense,” the researchers from ETH Zurich and USI Lugano wrote. “Yet they were apparently not found before, despite more than a decade of academic research on password managers and the existence of multiple audits of the three products we studied. This motivates further work, both in theory and in practice.” The researchers suggest that many other password managers likely share these vulnerabilities, singling out 1Password as the only one they were able to confidently exclude from the scope of their findings.
Specific Attacks and Vulnerabilities
The most severe attacks, targeting Bitwarden and LastPass, allow insiders or attackers to read or write to entire vaults. These exploits often leverage weaknesses in key escrow mechanisms (allowing account recovery when a master password is lost) or support for legacy versions of the password manager. A vault-theft attack against Dashlane allowed reading, but not modification, of vault items when shared with other users.
The Old Key Switcheroo: Exploiting Bitwarden's Key Escrow
One attack targeting Bitwarden’s key escrow occurs during new member enrollment in a family or organization. The invitee’s client obtains a group symmetric key and public key from the server, encrypts the symmetric key with the public key, and sends the ciphertext back to the server for account recovery. Critically, this data isn’t integrity-checked. An adversary can replace the legitimate group public key with their own, decrypt the ciphertext using their private key, and gain full access to the member’s vault. This attack is particularly dangerous when autorecovery mode is enabled, or can be forced even if manual recovery is selected due to a lack of integrity checks on downloaded group policies.
The researchers also discovered a "worm-like" propagation potential. The adversary gains access to the symmetric key for all groups the member belongs to, potentially compromising multiple vaults through overlapping group memberships. “This process can be repeated in a worm-like fashion, infecting all organizations that have key recovery enabled and have overlapping members,” the research paper explained.
Bitwarden Vault Key Rotation Vulnerability
Another Bitwarden attack exploits vault key rotation, a recommended practice when a master password is suspected to be compromised. When account recovery is enabled, the client regenerates recovery ciphertext, obtaining a new public key from the server – a key that isn’t authenticated. An adversary can supply their own public key, allowing them to decrypt the ciphertext and obtain the user’s symmetric key.
LastPass Teams Vulnerability
A similar attack targets LastPass Teams and Teams 5 versions, specifically when a superadmin resets a member’s master key. The client retrieves RSA keypairs assigned to each superadmin, encrypts the new key with each one, and sends the ciphertext. Because LastPass doesn’t authenticate these superadmin keys, an adversary can substitute their own public key. While theoretically limited to teams with password reset enabled, the researchers found that LastPass clients query the server for admin keys at each login, regardless of enrollment status. This attack requires login through the browser extension, not the standalone app.
Dashlane Shared Vault Exploits
Attacks targeting Dashlane’s shared vaults involve exploiting the lack of authentication for newly created RSA keypairs when sharing items. The item is encrypted with the recipient’s private key, but an adversary can supply their own keypair, decrypt the ciphertext, and gain access to the shared item. Similar attacks are possible with Bitwarden and LastPass when sharing is enabled.
Backward Compatibility: A Hidden Weakness
All three password managers maintain backward compatibility to support older, less secure versions. While intended to prevent data loss for users who haven’t upgraded, this compatibility introduces vulnerabilities. Older versions often lack the security enhancements found in newer iterations, creating potential entry points for attackers. Bitwarden’s older versions, for example, used a single symmetric key for encryption, making them susceptible to tampering.
The Psychological Blind Spot and Marketing Hype
The researchers acknowledge that a full server compromise is a significant hurdle, but argue that the threat model is realistic. “Attacks on the provider server infrastructure can be prevented by carefully designed operational security measures, but it is well within the bounds of reason to assume that these services are targeted by sophisticated nation-state-level adversaries, for example via software supply-chain attacks or spearphishing,” they wrote. They also point to LastPass’s history of breaches in 2015, 2021, and 2022 as evidence of the inherent risks.
“It’s a psychological problem when you’re writing both client and server software,” Paterson explained. “You should write the client super defensively, but if you’re also writing the server, well of course your server isn’t going to send malformed packets or bad info. Why would you do that?”
The term “zero knowledge” itself is often misused. While widely adopted, it differs significantly from zero-knowledge proofs, a distinct cryptographic method. The researchers suggest it’s largely “marketing hype,” akin to “military-grade encryption.”
Responses from Password Manager Providers
Bitwarden, LastPass, Dashlane, and 1Password have all responded to the research, acknowledging the threat model and highlighting their ongoing security efforts. They emphasize regular security audits, penetration testing, bug bounty programs, and continuous monitoring. However, some companies have also defended their use of the “zero knowledge” term, while others acknowledge the theoretical possibility of server-side manipulation.
Key takeaways from provider statements:
- Bitwarden: The described attacks assume a “full server compromise and adversarial behavior beyond standard operating assumptions.”
- LastPass: Emphasizes a “multi-layered, ongoing approach to security assurance.”
- Dashlane: Conducts “rigorous internal and external testing.”
- 1Password: Claims no new attack vectors beyond those already documented in their Security Design White Paper.
What Does This Mean for You?
The research doesn’t necessarily mean you should abandon password managers altogether. However, it underscores the importance of understanding their limitations and taking proactive steps to enhance your security. Consider the following:
- Enable Multi-Factor Authentication (MFA): This adds an extra layer of security, even if your password manager is compromised.
- Use a Strong, Unique Master Password: This is the single most important security measure.
- Disable Account Recovery Features (If Possible): While convenient, these features introduce vulnerabilities.
- Limit Vault Sharing: Avoid sharing vaults unless absolutely necessary.
- Keep Your Password Manager Software Updated: Updates often include critical security patches.
- Consider a Hardware Security Key: For the highest level of security, use a hardware security key to protect your master password.
The security landscape is constantly evolving. Staying informed about the latest vulnerabilities and adopting best practices is crucial for protecting your digital life. Don't assume your password manager is an impenetrable fortress – treat it as a valuable tool that requires careful management and a healthy dose of skepticism. The promise of "zero knowledge" may be more marketing than reality, and a layered security approach is always the most prudent strategy.