Should you still trust your password manager?

Should you still trust your password manager?

From Safe Mode Podcast by Safe Mode Podcast

February 19, 2026 · 37 min

About this episode

Greg discusses the security of password managers and their vulnerabilities with Professor Kenny Patterson.

In this episode, Greg explores the gap between password manager marketing claims of "Zero Knowledge Encryption" and the reality uncovered by Swiss researchers who found 25 attacks against Bitwarden, LastPass, and Dashlane. Professor Kenny Patterson joins Greg to discuss why the industry's "honest-but-curious" security model is dangerously inadequate compared to a "malicious server" threat model, diving into three critical vulnerability categories: account recovery mechanisms that allow attackers to swap encryption keys, seemingly innocent features like icon fetching that leak passwords, and "vault malleability" where individual item encryption lets attackers cut-and-paste data between vault fields. They also discuss how legacy code support and backwards compatibility create cryptographic hazards, and what non-negotiable features are needed to build a truly "provably secure" password manager from scratch.

People in this episode

Host: Greg

Guest: Professor Kenny Patterson

Topics covered

  • password managers
  • cybersecurity
  • encryption
  • vulnerabilities
  • account recovery
  • data security

Keywords

  • password manager
  • Zero Knowledge Encryption
  • Bitwarden
  • LastPass
  • Dashlane
  • vulnerabilities
  • encryption keys
  • account recovery
  • cryptographic hazards

Mentioned in this episode

Organizations: Bitwarden, LastPass, Dashlane, Swiss researchers

More episodes of Safe Mode Podcast

Explore listener stats, chart rankings, contacts and more on the Safe Mode Podcast podcast page.