Bitwarden Heist - How to Break into Password Vaults Without Using Passwords::Sometimes, making particular security design decisions can have unexpected consequences. For security-critical software, such as password managers, this can easily lead to catastrophic failure: In this blog post, we show how Bitwarden’s Windows Hello …

  • @[email protected]
    411 months ago

    This is a great write-up. I was expecting some gotcha, but step-by-step it all makes sense. Many layers of this onion.

    "activating biometric login on Windows means that the derived key is encrypted locally using a secret which can be retrieved after authentication via Windows Hello."…