TL;DR
- Researchers at ETH Zurich and Università della Svizzera italiana published research (a preprint on the IACR ePrint archive) showing that major cloud password managers (Bitwarden, LastPass, Dashlane and 1Password) have design flaws that can let an attacker read vault contents without knowing your master password [1].
- The attacks require an attacker to first compromise the password manager's server, not your device. For most small businesses the immediate risk is low; for high-value targets it is real [1].
- Vendors were notified months in advance; some fixes have been deployed, but several industry-wide design problems remain unsolved [2][3][4][5].
- 61% of data breaches involve stolen or compromised credentials [6] — this research matters because it challenges the assumption that password managers are an unconditional safety net.
- The right response is not to stop using password managers — it's to use them better, with the right configuration and awareness of their actual security model.
What Did the Researchers Actually Find?
Security researchers from ETH Zurich's Applied Cryptography Group and Università della Svizzera italiana published findings whose severity surprised even the professor leading the work [1].
The team tested four products and documented:
- 12 attack scenarios against Bitwarden
- 7 attack scenarios against LastPass
- 6 attack scenarios against Dashlane
- 3 attack scenarios against 1Password
These attacks are grouped into four categories, all targeting the server-side architecture of cloud password managers [1][2]:
1. Key Escrow Weaknesses — Password managers often allow you to recover your vault if you forget your master password. This recovery feature requires some form of key escrow, and researchers found that in several products, this mechanism can be abused by a server-side attacker to silently recover user vault keys.
2. Item-Level Vault Encryption Flaws — Some managers encrypt vault items individually, but leave metadata (labels, URLs, categories) unencrypted or unauthenticated. An attacker who controls the server can manipulate this metadata to infer what's in the vault, even without decrypting items.
3. Credential Sharing Vulnerabilities — The "share passwords with team members" feature in business tiers of these products uses cryptographic protocols that, under malicious-server conditions, can allow vault contents to be exposed during the sharing exchange.
4. Backward Compatibility Issues — Supporting older client software versions often means maintaining weaker legacy cryptographic protocols. Attackers with server access can silently downgrade a client's security to use these weaker protocols.
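An added example, written for this article rather than taken from the paper or any vendor's code, of the item-level problem in category 2. It goes slightly beyond the inference attack described above: even when each field is authenticated, a server that can read plaintext URL metadata can move the bank's password ciphertext onto an item whose URL it controls, and the client will decrypt and autofill it, unless the ciphertext is bound to its item id and field name as associated data. The cipher is a standard-library toy standing in for a real AEAD, and the vault layout, item ids and logins are constructed.

```python
"""Added example for this article: why each encrypted vault field must be
authenticated *and* bound to the item and field it belongs to. Generic
illustration; not code from Bitwarden, LastPass, Dashlane or 1Password. The
vault layout, item ids and sample logins are constructed. The cipher is a
standard-library toy (HMAC-SHA256 keystream plus an encrypt-then-MAC tag) so the
script runs offline; a real client would use an AEAD such as AES-GCM or
XChaCha20-Poly1305 and pass the same context as associated data."""
import hashlib
import hmac
import os
from typing import Optional

NONCE_LEN, TAG_LEN = 16, 32


def _subkeys(vault_key: bytes):
    return hashlib.sha256(b"enc|" + vault_key).digest(), hashlib.sha256(b"mac|" + vault_key).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _mac_input(aad: bytes, nonce: bytes, ct: bytes) -> bytes:
    # Length-prefix the associated data so the (aad, nonce, ct) boundaries are unambiguous.
    return len(aad).to_bytes(4, "big") + aad + nonce + ct


def encrypt(vault_key: bytes, plaintext: bytes, aad: bytes) -> bytes:
    enc_key, mac_key = _subkeys(vault_key)
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, _mac_input(aad, nonce, ct), hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(vault_key: bytes, blob: bytes, aad: bytes) -> bytes:
    enc_key, mac_key = _subkeys(vault_key)
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, _mac_input(aad, nonce, ct), hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("vault field failed authentication")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


def _context(item_id: str, field: str, bind: bool) -> bytes:
    # bind=False: the tag exists but covers no context, so any valid ciphertext
    # is accepted in any slot. bind=True: the tag ties the ciphertext to its slot.
    return f"{item_id}/{field}".encode() if bind else b""


def build_vault(vault_key: bytes, bind: bool) -> dict:
    """Client side. The URL is left as plaintext metadata, as the article notes
    some designs do; only the password field is encrypted."""
    logins = {  # constructed sample data
        "item-1": ("https://bank.example", b"correct horse battery staple"),
        "item-2": ("https://attacker.example", b"throwaway"),
    }
    return {iid: {"url": url, "password": encrypt(vault_key, pw, _context(iid, "password", bind))}
            for iid, (url, pw) in logins.items()}


def malicious_server_swap(vault: dict) -> dict:
    """Server side. It cannot decrypt anything, but the plaintext URL tells it
    which item is the bank, so it copies that ciphertext onto the item whose
    URL it controls."""
    tampered = {iid: dict(item) for iid, item in vault.items()}
    tampered["item-2"]["password"] = vault["item-1"]["password"]
    return tampered


def autofill(vault_key: bytes, vault: dict, url: str, bind: bool) -> Optional[bytes]:
    """Client side: the password the client would fill on `url`, or None when
    the field fails authentication (the client must refuse, not fall back)."""
    for iid, item in vault.items():
        if item["url"] == url:
            try:
                return decrypt(vault_key, item["password"], _context(iid, "password", bind))
            except ValueError:
                return None
    return None


def demo(bind: bool) -> Optional[bytes]:
    key = os.urandom(32)
    return autofill(key, malicious_server_swap(build_vault(key, bind)), "https://attacker.example", bind)


if __name__ == "__main__":
    print(demo(bind=False))  # b'correct horse battery staple': bank password filled on attacker.example
    print(demo(bind=True))   # None: swapped ciphertext rejected
```

The lesson generalises past passwords: every field the client acts on (URL match rules, TOTP seeds, custom fields) needs the same binding, and a client that silently skips a field that fails authentication, rather than stopping and telling the user, turns an integrity failure back into an attack.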
According to Prof. Dr. Kenneth Paterson of ETH Zurich: "We were surprised by the severity of the security vulnerabilities. Since end-to-end encryption is still relatively new in commercial services, it seems that no one had ever examined it in detail before" [1].
What Does "Zero-Knowledge Encryption" Actually Mean — and Where Does It Break Down?
Cloud password managers sell themselves on a core promise: zero-knowledge encryption. The idea is that your master password never leaves your device. The service provider stores only an encrypted blob they cannot read. Only you — with your master password — can decrypt your vault.
This model is sound in theory. But it makes a critical assumption: that the server behaves honestly and is not compromised. The ETH Zurich research specifically tests what happens when that assumption fails — what security researchers call the "malicious server" threat model [1].
In several of the attack scenarios documented, an attacker who controls or compromises the password manager's server can:
- Serve modified software clients that exfiltrate keys before encryption occurs
- Manipulate key exchange protocols during credential sharing
- Exploit authentication weaknesses during the initial login sync to recover vault decryption keys
- Downgrade the cryptographic parameters or protocol version a client uses, so that a legacy, weaker scheme is negotiated without the user noticing
Importantly, most of these attacks require the attacker to first control the password manager's server infrastructure, actively and while clients are talking to it. That is a significant barrier, but not an impossible one. LastPass was breached in 2022, and the attackers made off with encrypted customer vaults [7]. Note the difference in capability, though: the 2022 attackers took a copy of stored data rather than operating the live service, so their options were offline cracking of master passwords, not the interactive malicious-server manipulations described here. An attacker with persistent control of a live server would have both.
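As an added example (written for this article, not code from the paper or any of the four products), here is the kind of client-side check that blunts the downgrade attacks in category 4 and the parameter-downgrade bullet above: the client carries a policy floor for key-derivation cost and pins the parameters it last accepted for the account, then refuses a server that offers anything weaker. The "prelogin" JSON shape, the 600,000-iteration floor (taken from OWASP's guidance for PBKDF2-HMAC-SHA256), the email-as-salt choice and the pin storage are assumptions; the sample responses are constructed.

```python
"""Added example for this article: a client-side guard against server-driven
downgrade of key derivation parameters. Generic illustration; not code from
Bitwarden, LastPass, Dashlane or 1Password. The 'prelogin' response shape, the
policy floor and the pin storage are assumptions."""
import hashlib
import json
from typing import Optional

# Assumed client policy. 600,000 is the OWASP Password Storage Cheat Sheet
# figure for PBKDF2-HMAC-SHA256; a real client would also carry floors for
# Argon2id. Only PBKDF2 is implemented here because it is in the stdlib.
POLICY_FLOOR = {"pbkdf2-sha256": 600_000}


class DowngradeRefused(Exception):
    """Raised when the server's parameters are weaker than policy or pin allow."""


def check_kdf_params(server_params: dict, pinned: Optional[dict]) -> dict:
    """Validate the KDF parameters a server returned for this account.

    Two independent checks:
      1. an absolute floor from local policy, so a fresh install cannot be
         talked into a trivially crackable derivation; and
      2. a trust-on-first-use pin of the last accepted parameters, so a server
         (or whoever has compromised it) cannot quietly move an account back
         to a weaker setting than the client has already seen.
    """
    kdf = server_params.get("kdf")
    iterations = server_params.get("iterations")
    if kdf not in POLICY_FLOOR or not isinstance(iterations, int) or isinstance(iterations, bool):
        raise DowngradeRefused(f"unsupported or malformed KDF parameters: {server_params!r}")
    if iterations < POLICY_FLOOR[kdf]:
        raise DowngradeRefused(f"{kdf} with {iterations} iterations is below the policy floor")
    if pinned is not None and (kdf != pinned["kdf"] or iterations < pinned["iterations"]):
        raise DowngradeRefused(f"server offered {kdf}/{iterations}, weaker than pinned {pinned}")
    return {"kdf": kdf, "iterations": iterations}


def derive_master_key(master_password: str, email: str, params: dict) -> bytes:
    """Stretch the master password into a 256-bit key (lower-cased email as salt,
    an assumed convention); cost comes from validated parameters, never raw server input."""
    return hashlib.pbkdf2_hmac(
        "sha256", master_password.encode(), email.lower().encode(), params["iterations"], 32
    )


def attempt_login(master_password: str, email: str, prelogin_json: str, pinned: Optional[dict]) -> dict:
    """Simulate the client's login step. Returns a dict describing the outcome so
    the decision is inspectable; on success the caller persists result["params"]
    as the new pin for this account."""
    try:
        params = check_kdf_params(json.loads(prelogin_json), pinned)
    except DowngradeRefused as e:
        return {"status": "refused", "reason": str(e)}
    key = derive_master_key(master_password, email, params)
    return {"status": "ok", "params": params, "key_fingerprint": hashlib.sha256(key).hexdigest()[:16]}


if __name__ == "__main__":
    # Constructed sample responses; nothing here was captured from a real service.
    honest = '{"kdf": "pbkdf2-sha256", "iterations": 600000}'
    stronger = '{"kdf": "pbkdf2-sha256", "iterations": 1000000}'
    downgrade = '{"kdf": "pbkdf2-sha256", "iterations": 5000}'
    first = attempt_login("correct horse battery staple", "owner@example.com", honest, None)
    print(first["status"])                                                                      # ok
    print(attempt_login("correct horse battery staple", "owner@example.com", downgrade, first["params"]))  # refused
    print(attempt_login("correct horse battery staple", "owner@example.com", stronger, first["params"])["status"])  # ok
```

The pin is the check that matters in the malicious-server model. A floor alone still lets a compromised server hold an account at the weakest setting the policy permits; with a pin, the only direction the server can move an account's parameters is up, and any other change surfaces as a hard failure the user has to act on rather than a silent degradation.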
What This Means for Your Business
The practical risk for most small businesses is low-to-moderate, not catastrophic. The ETH Zurich researchers themselves stated: "Most users are unlikely to be targeted via the attacks we presented, as they require considerable skills and knowledge from the attackers." [1] Casual opportunistic criminals won't typically invest the resources to execute these attacks.
However, the research matters for several concrete reasons:
You should not assume password managers are a perfect security guarantee. They remain far safer than reusing passwords or storing credentials in spreadsheets — that position hasn't changed. But understanding the boundaries of your tools helps you design better controls around them [8].
High-value targets face elevated risk. If your business handles sensitive financial data, healthcare records, legal documents, or government contracts, the threat model changes. IBM's Cost of a Data Breach Report puts the average cost of a breach at US$4.88M and the average time to identify and contain one at 258 days [9]. Businesses in regulated industries should consider on-premises or hardware-based credential management for their highest-sensitivity accounts.
The credential sharing feature deserves specific scrutiny. The attack scenarios targeting credential sharing are particularly relevant for businesses that share passwords across team members — a common practice that most password manager business plans facilitate. Review your shared vault architecture with your IT security contact.
Verizon's 2025 DBIR found that 61% of breaches involve compromised credentials, and that password reuse remains endemic across small business environments [6]. Even with the ETH Zurich limitations in mind, using a password manager correctly is categorically safer than the alternative for the vast majority of businesses.
How Vendors Responded
All four vendors — Bitwarden, LastPass, Dashlane, and 1Password — were notified of the research many months before publication and have since fixed some of the identified flaws.
1Password's CISO stated: "Our security team reviewed the paper in depth and found no new attack vectors beyond those already documented in our publicly available Security Design White Paper. We use Secure Remote Password (SRP) to authenticate users without transmitting encryption keys to our servers, helping mitigate entire classes of server-side attacks." [3]
Bitwarden, LastPass, and Dashlane acknowledged the research as valuable and have moved to address some flaws, while noting that certain issues — particularly the verification of public key authenticity during credential sharing — represent industry-wide challenges not yet fully solved [2][4][5].
The ETH Zurich team proposed the use of specialised password manager clients that force migration to new, more secure vault formats — preventing functionality loss while preserving security for the entire user base [1].
5 Practical Steps for SMBs Using Password Managers
Step 1: Keep your password manager client updated. Several of the identified attack vectors are mitigated in newer client versions. Enable automatic updates for your password manager application on all devices. This is your first and simplest line of defence [8].
Step 2: Enable MFA on your password manager account. MFA guards the login to your account: an attacker who has obtained or guessed your master password still cannot sign in from a new device without the second factor. Use an authenticator app or a hardware security key rather than SMS [10]. Be clear about what it does not do: MFA does not change how the vault is encrypted, so it adds nothing against an attacker who already holds a copy of your encrypted vault, and it is enforced by the very server that the malicious-server model assumes is compromised. Treat it as protection against credential theft and phishing, not against the attacks in this paper.
Step 3: Audit your shared credentials. Review what your team is sharing through the password manager's team/business vault. For the highest-sensitivity credentials — banking, payroll, tax systems — consider whether these should be in the shared vault at all, or whether they warrant separate, individually managed access.
Step 4: Use a unique, long master password, and store it offline. A long (20+ characters), unique master password protects you wherever the attacker's path runs through guessing: offline cracking of a stolen encrypted vault (the 2022 LastPass scenario), and downgrade attacks that weaken the key derivation so that guessing becomes cheaper. It does not help where a server-side attacker recovers the vault key directly, for example through a key escrow weakness, because your password is never guessed on that path. Write it down and store it in a physically secure location, and never reuse it anywhere else [8].
Step 5: Understand what your password manager's recovery options mean. If your password manager offers account recovery (for when you forget the master password), understand how it works. Recovery features often introduce key escrow — which was one of the primary attack surfaces identified in this research. If you have strong operational controls around master password management, consider whether the recovery feature is worth the additional attack surface.
FAQ
Q: Should I stop using a password manager? A: No. Password managers remain far safer than the alternatives: reusing passwords across sites, storing credentials in spreadsheets or email, or relying on browser-saved passwords without a master password. The ETH Zurich research identifies real design flaws, but the attack scenarios require a server-side compromise first. The risk of not using a password manager (exposure to credential stuffing, phishing and password reuse attacks) is significantly higher for most small businesses. Use one. Use it correctly.
Q: Which of the four password managers is safest? A: 1Password had the fewest identified attack scenarios (3), partly due to its use of Secure Remote Password (SRP) authentication, which avoids transmitting encryption keys to servers [3]. Bitwarden had the most (12), partly because it offers more recovery and sharing features, which add cryptographic complexity. Attack scenario count alone is not a complete security assessment, though: operational factors, update cadence and company transparency also matter. All four vendors took the research seriously.
Q: Does this change what we know about the 2022 LastPass breach? A: Potentially, yes. LastPass disclosed in 2022 that attackers stole encrypted password vaults from its systems. At the time, the assessment was that the encrypted vaults were protected by zero-knowledge encryption. The ETH Zurich research describes design flaws in LastPass's architecture that, had the 2022 attackers been in a position to exploit them, could have partially undermined that protection [7]. Bear in mind that the 2022 attackers took a copy of stored vault data rather than running the live service, so the interactive malicious-server attacks were not open to them; the concrete 2022 risk was, and remains, offline cracking of weak master passwords in the stolen vaults. If you were a LastPass user in 2022 and used the sharing or recovery features, or had a short or reused master password, rotate your most sensitive passwords.
Q: Should I switch to a local password manager such as KeePass? A: Local password managers, like KeePass, store your vault on your device only, removing the server-side attack surface entirely and with it the ETH Zurich attack categories. The trade-off is convenience: no built-in cross-device sync (you move the vault file yourself, or not at all), no easy sharing, and manual responsibility for backups. For businesses with very high security requirements (finance, law, healthcare), local or hardware-managed credential storage may be worth the operational overhead.
Q: Does my business insurance cover a breach that starts with a compromised password vault? A: Most standard business owner's policies (BOPs) do not include cyber liability coverage. Dedicated cyber liability insurance may cover data breach costs and notification expenses resulting from a compromised credential vault. Review your policy with your insurer and specifically ask about credential compromise and downstream breach liability. lilMONSTER can help you map this exposure as part of a security assessment.
References
[1] A. Jenni, M. Mäurer, and K. G. Paterson, "Security Analysis of Cloud-Based Password Managers," IACR ePrint Archive, 2026. [Online]. Available: https://eprint.iacr.org/archive/2026/058/1771279946.pdf
[2] H. Bose, "Design weaknesses in major password managers enable vault attacks, researchers say," Help Net Security, February 17, 2026. [Online]. Available: https://www.helpnetsecurity.com/2026/02/17/password-managers-weaknesses-vault-attacks/
[3] 1Password, "ETH Zurich Zero-Knowledge Malicious Server Review — 1Password Response," 1Password Blog, 2026. [Online]. Available: https://1password.com/blog/eth-zurich-zero-knowledge-malicious-server-review
[4] LastPass, "Details on Hardening in Response to ETH Zurich Reported Security Issues," LastPass Blog, 2026. [Online]. Available: https://blog.lastpass.com/posts/details-on-hardening-in-response-to-eth-zurich-reported-security-issues
[5] Dashlane, "Zero-Knowledge and the Malicious Server Model," Dashlane Blog, 2026. [Online]. Available: https://www.dashlane.com/blog/zero-knowledge-malicious-server
[6] Verizon, "2025 Data Breach Investigations Report," Verizon Business, 2025. [Online]. Available: https://www.verizon.com/business/resources/reports/dbir/
[7] BleepingComputer, "LastPass says hackers had access to its systems for four days," BleepingComputer, 2022. [Online]. Available: https://www.bleepingcomputer.com/news/security/lastpass-says-hackers-had-access-to-its-systems-for-four-days/
[8] NIST, "Digital Identity Guidelines — Authentication and Lifecycle Management (SP 800-63B)," National Institute of Standards and Technology, 2024. [Online]. Available: https://pages.nist.gov/800-63-4/sp800-63b.html
[9] IBM Security, "Cost of a Data Breach Report 2025," IBM, 2025. [Online]. Available: https://www.ibm.com/reports/data-breach
[10] CISA, "More Than a Password — Multi-Factor Authentication," U.S. Cybersecurity and Infrastructure Security Agency, 2025. [Online]. Available: https://www.cisa.gov/mfa
TL;DR
- University researchers found that popular password managers — including Bitwarden, LastPass, 1Password, and Dashlane — have design problems that could let attackers steal your passwords under certain conditions.
- The attacker would need to break into the password manager company's servers first — not your device. So this isn't a "run and panic" situation.
- You should still use a password manager. But use it smartly, with the right settings.
- Four practical things to do right now that cost nothing and make your setup significantly safer.
Let's Start With the Analogy
Imagine your passwords are stored in a safety deposit box at a bank. The bank promises they have no key to your box — only you do. That's what password managers mean when they say "zero-knowledge encryption."
Researchers from ETH Zurich (a well-known Swiss university) asked a simple question: what happens if a thief gets into the bank itself, rather than just your box? Can they still get at your stuff?
The answer, unfortunately, is: in some cases, yes — even without your key.
The researchers found ways that a thief inside the bank (or someone who hacked the bank's computers) could manipulate certain things to eventually get into some of the boxes. It requires getting into the bank's systems first, which is hard. But not impossible. And it's happened before — LastPass had their servers broken into in 2022.
Why This Matters for Your Business
Your business probably uses one of these password managers — or should be. 61 out of every 100 data breaches involve stolen login credentials. A password manager is one of the best ways to stop that happening to you.
But this research is a useful reality check: password managers are not magical unbreakable vaults. They're very good safes — but good safes have known weaknesses that smart attackers study. Knowing this helps you use them more carefully.
What Were the Actual Flaws?
The researchers found four types of problems:
1. The "forgot my master password" feature creates a vulnerability. When you can recover your account by email or backup key, the system has to store something extra to make that possible. That "something extra" can be exploited by an attacker who controls the company's servers.
2. Sharing passwords with teammates isn't fully protected. The feature that lets you share a login with a staff member uses a process that can be manipulated by a server-side attacker to intercept the shared password.
3. Some information in your vault isn't fully protected. Labels, website names and categories may be stored without encryption, or without the tamper-protection that would stop someone quietly altering them. An attacker can use this to work out what's in your vault even without breaking the encryption.
4. Old device support = weaker security. Supporting older phones and computers means using older, weaker security methods. Attackers can trick the system into using these weaker methods.
The key thing to understand: the attackers would need to break into the password manager company's own servers first. That's a high bar. But it's not zero.
You Should Still Use a Password Manager
The alternative — reusing the same password everywhere, or writing passwords in a spreadsheet, or saving them in a sticky note — is dramatically more dangerous. The risks there are not "possible if a sophisticated attacker compromises a server." The risks there are "you get phished once and every account you have is gone."
Password managers are still the right choice. This research just tells us to use them more carefully.
4 Things to Do Right Now
1. Turn on MFA (two-step login) for your password manager account. If someone learns your master password, they still need your phone or authenticator app to sign in on a new device. It won't stop an attacker who already holds a copy of your encrypted vault, but it shuts down the far more common attack: a stolen or phished master password.
2. Keep your password manager app updated. Some of the flaws found by the researchers have already been fixed in newer versions. Update the app on your phone and computer.
3. Make your master password long and unique. Use a phrase — something like "MyDogLovesRainyMornings2026" — something nobody would guess and that you've never used anywhere else. Long beats complex. Write it down and keep it somewhere physically safe (not on your computer).
4. Review what you're sharing. If you share passwords with staff through your password manager, check which ones. For the most sensitive accounts — your bank, your accounting software, your payroll system — consider whether those should be shared at all, or managed individually with tight access controls.
The Bottom Line
Password managers are like a fitness trainer for your business's security — they help you build strength and good habits. This research doesn't mean the trainer is useless. It means no trainer is perfect, and knowing their limitations helps you use them well.