Many people use password managers because most users have between 100 and 200 passwords and cannot remember them all. Cloud-based managers let users reach their passwords from different devices and share them with family members. Security is critical because these services store sensitive data, including online banking and credit card logins, in encrypted vaults.
Researchers from the Applied Cryptography Group at ETH Zurich studied three popular cloud-based password managers. They set up servers that acted like hacked servers and tested a malicious server threat model. The team demonstrated several attacks that could let an attacker see or change users' passwords. The attacks often used simple actions users normally perform, such as logging in, opening the vault, viewing passwords, or synchronising data.
The researchers followed responsible disclosure and contacted providers before publishing, and they gave the companies 90 days to fix the vulnerabilities. Recommendations include updating systems, offering migration choices for existing customers, and being transparent. Users should prefer managers that undergo external audits and have end-to-end encryption enabled by default.
Difficult words
- password manager — A tool that stores many login details.password managers
- cloud-based — A service that runs on internet servers.
- encrypt — To change data so others cannot read.encrypted
- vault — A secure place to keep digital passwords.vaults
- vulnerability — A weakness that attackers could use.vulnerabilities
- synchronise — To make the same data on different devices.synchronising
Tip: hover, focus or tap highlighted words in the article to see quick definitions while you read or listen.
Discussion questions
- Do you use a password manager? Why or why not?
- What would make you trust a cloud-based password manager?
- How many passwords do you have, and how do you remember them?
Related articles
Instagram bot campaigns target activists and media in Western Balkans
In November 2025 coordinated bot operations hit activist and media Instagram accounts in the Western Balkans. Reports on November 16 and 23, 2025 describe fake followers, mass reports, bot comments and mass liking that reduced visibility.
Why Rechargeable Batteries Lose Performance
Researchers found that repeated charging and discharging makes batteries expand and contract, causing tiny shape changes and stress. This “chemomechanical degradation” and spreading strain reduce performance and shorten battery life, and imaging revealed how it happens.
New device measures blood viscosity in real time
Researchers at the University of Missouri created a non-invasive device that monitors blood viscosity and density in real time using ultrasound and software. It can read blood without drawing samples and may help in diseases like sickle cell.