Exploitable Flaws Found in Cloud-Based Password Managers
Summary
Academic security researchers have identified exploitable flaws in cloud-based password managers that claim zero knowledge encryption; these flaws threaten the security of stored passwords and may require vendors to patch their systems.
Why It Matters for Texas Credit Unions
Texas credit unions are subject to similar cybersecurity standards as other credit unions, making this relevant for risk management and compliance.
Original Source Material
'Malicious Server Threat Model' Threatens 'Zero Knowledge Encryption' Guarantees Claims by leading stand-alone password managers that their implementation of "zero knowledge encryption" means stored passwords can withstand the worst of hacker assaults are vastly overblown, say academic security researchers. They said vendors are in the process of patching the flaws they found.