password-managers
2023
- A year after the disastrous breach, LastPass has not improved
- A way forward for PfP: Pain-free Passwords
- Documenting KeePass KDBX4 file format
- The end of PfP: Pain-free Passwords
- LastPass breach update: The few additional bits of information
- Password strength explained
- Bitwarden design flaw: Server side iterations
2022
- LastPass breach: The significance of these password iterations
- What’s in a PR statement: LastPass breach explained
- What data does LastPass encrypt?
- LastPass has been breached: What now?
2021
2019
- PfP: Pain-free Passwords security review
- Recognizing basic security flaws in local password managers
- Various RememBear security issues
- Bogus security mechanisms: Encrypting localhost traffic
- Should you be concerned about LastPass uploading your passwords to its server?
2018
- Maximizing password manager attack surface: Learning from Kaspersky
- Password managers: Please make sure AutoFill is secure!
- Is your LastPass data really safe in the encrypted online vault?
- Can Chrome Sync or Firefox Sync be trusted with sensitive data?
- Master password in Firefox or Thunderbird? Do not bother!
- Implementing safe sync functionality in a server-less extension
- Easy Passwords is now PfP: Pain-free Passwords
2017
2016
- Implementing efficient PBKDF2 for the browser
- More Last Pass security vulnerabilities
- Easy Passwords moving forward – filling in user names
- Underestimated issue: Hashing passwords without salts
- Adventures porting Easy Passwords to Chrome and back to Firefox
- Security considerations for password generators
- Introducing Easy Passwords: the new best way to juggle all those passwords