password-managers

2023

• The end of PfP: Pain-free Passwords March 20
• LastPass breach update: The few additional bits of information February 28
• Password strength explained January 30
• Bitwarden design flaw: Server side iterations January 23

2022

• LastPass breach: The significance of these password iterations December 28
• What’s in a PR statement: LastPass breach explained December 26
• What data does LastPass encrypt? December 24
• LastPass has been breached: What now? December 23

2021

• How did LastPass master passwords get compromised? December 29

2019

• PfP: Pain-free Passwords security review September 26
• Recognizing basic security flaws in local password managers August 12
• Various RememBear security issues July 8
• Bogus security mechanisms: Encrypting localhost traffic April 11
• Should you be concerned about LastPass uploading your passwords to its server? March 18

2018

• Maximizing password manager attack surface: Learning from Kaspersky November 30
• Password managers: Please make sure AutoFill is secure! August 29
• Is your LastPass data really safe in the encrypted online vault? July 9
• Can Chrome Sync or Firefox Sync be trusted with sensitive data? March 13
• Master password in Firefox or Thunderbird? Do not bother! March 10
• Implementing safe sync functionality in a server-less extension March 8
• Easy Passwords is now PfP: Pain-free Passwords February 7

2017

• Easy Passwords released as a Web Extension July 17
• LastPass: Security done wrong March 23

2016

• Implementing efficient PBKDF2 for the browser October 25
• More Last Pass security vulnerabilities September 16
• Easy Passwords moving forward – filling in user names September 5
• Underestimated issue: Hashing passwords without salts May 4
• Adventures porting Easy Passwords to Chrome and back to Firefox May 2
• Security considerations for password generators April 20
• Introducing Easy Passwords: the new best way to juggle all those passwords April 19