password-managers

2023

A way forward for PfP: Pain-free Passwords May 2
Documenting KeePass KDBX4 file format March 29
The end of PfP: Pain-free Passwords March 20
LastPass breach update: The few additional bits of information February 28
Password strength explained January 30
Bitwarden design flaw: Server side iterations January 23

2022

LastPass breach: The significance of these password iterations December 28
What’s in a PR statement: LastPass breach explained December 26
What data does LastPass encrypt? December 24
LastPass has been breached: What now? December 23

2021

How did LastPass master passwords get compromised? December 29

2019

PfP: Pain-free Passwords security review September 26
Recognizing basic security flaws in local password managers August 12
Various RememBear security issues July 8
Bogus security mechanisms: Encrypting localhost traffic April 11
Should you be concerned about LastPass uploading your passwords to its server? March 18

2018

Maximizing password manager attack surface: Learning from Kaspersky November 30
Password managers: Please make sure AutoFill is secure! August 29
Is your LastPass data really safe in the encrypted online vault? July 9
Can Chrome Sync or Firefox Sync be trusted with sensitive data? March 13
Master password in Firefox or Thunderbird? Do not bother! March 10
Implementing safe sync functionality in a server-less extension March 8
Easy Passwords is now PfP: Pain-free Passwords February 7

2017

Easy Passwords released as a Web Extension July 17
LastPass: Security done wrong March 23

2016

Implementing efficient PBKDF2 for the browser October 25
More Last Pass security vulnerabilities September 16
Easy Passwords moving forward – filling in user names September 5
Underestimated issue: Hashing passwords without salts May 4
Adventures porting Easy Passwords to Chrome and back to Firefox May 2
Security considerations for password generators April 20
Introducing Easy Passwords: the new best way to juggle all those passwords April 19