
In the last 15 years, password managers have shifted from a niche security option for the tech-savvy to a widely used protection tool for the public, with an estimated 94 million US adults—or roughly 36 percent—now using them. They keep not only passwords for retirement, financial, and email accounts, but also cryptocurrency credentials, payment card details, and other sensitive information.
All eight of the leading password managers label their sophisticated encryption as “zero knowledge” to describe how they protect the vaults users store on their servers. Vendor definitions differ slightly, but they typically amount to one bold pledge: that neither malicious insiders nor attackers who compromise the cloud infrastructure can extract vaults or the data inside them. Those assurances are understandable given previous breaches of LastPass and the realistic expectation that state-level adversaries have both motive and capability to obtain password vaults belonging to high-value targets.
A bold guarantee undermined
Typical examples are the claims from Bitwarden, Dashlane, and LastPass, which together serve about 60 million users. Bitwarden, for instance, asserts that “not even the team at Bitwarden can read your data (even if we wanted to).” Dashlane, meanwhile, says that without a user’s master password, “malicious actors can’t steal the information, even if Dashlane’s servers are compromised.” LastPass claims that no one can access the “data stored in your LastPass vault, except you (not even LastPass).”
Recent research shows those claims don’t hold in all scenarios, particularly when account recovery is enabled or when password managers allow vault sharing or group organization. The researchers behind that work reverse-engineered or closely examined Bitwarden, Dashlane, and LastPass and found ways that an entity with control of the server—either via administrative access or after a compromise—can in fact steal data and, in some instances, entire vaults. They also crafted additional attacks that weaken the protections to the point where ciphertext can be converted back to plaintext.