Notices where this attachment appears
-
Embed this notice
Wladimir Palant (wpalant@infosec.exchange)'s status on Wednesday, 10-Dec-2025 23:59:35 JST 
Wladimir Palant
Nice, BSI tested password manager security and their analysis actually makes sense: https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/DVS-Berichte/passwortmanager.pdf (German).
Two questions are particularly interesting: can the vendor access passwords (5/10 no) and is the entire storage encrypted (3/10 yes). Which leaves 1Password, Keepass2 Android and KeePassXC usable without reservations, while Avira Password Manager and Firefox Password Manager are usable with some concerns (the former uses crypto that cannot be verified, the latter requires a main password to be set explicitly). The other five tested products (Chrome Password Manager, mSecure, PassSecurium, SecureSafe, S-Trust) should not be used.
Not exactly news to me but good to see this confirmed – and good to see a proper analysis rather than grabbing low-hanging fruit for some bullshit statements.
GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.
All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.