
Bitwarden Users Attacked via Malicious Google Ads

Several customers of Bitwarden's password management service reported last week that, when they used Google to look up the vendor's official Web vault login page, they saw paid advertisements leading to phishing sites that steal credentials.

Google ads targeting Bitwarden users

Several password managers are cloud-based, enabling users to access their passwords via websites and mobile apps, unless they use a local password manager like KeePass. The industry has criticized KeePass for being less user-friendly than cloud-based alternatives, but technical users rely on its security because it encrypts all passwords and the entire database, which is saved locally on a computer rather than in the cloud.

According to reports from last week, phishing campaigns run through Google ads specifically targeted Bitwarden and 1Password, seeking to acquire users' password vault credentials. Malicious advertising aimed at users of Bitwarden and 1Password indicates that threat actors have added a new method for breaking into password managers and compromising the accounts connected to those passwords.

When users searched for terms like 'bitwarden password manager' or '1Password's Web vault,' for example, the malicious advertisements that customers of Bitwarden and 1Password reported seeing last week appeared near the top of Google's search results. The landing pages are also of high quality. One Bitwarden user discovered a phishing website that resembled the vendor's official site so convincingly that it was difficult to distinguish the two.

Recent hacks show that a master password is a password vault's weak link. As a result, threat actors have been seen developing phishing pages that target password vaults in order to capture login information and possibly authentication cookies.

Safeguarding password storage 

It is crucial to protect password vaults since they store the most sensitive internet data. Verifying that you are entering your credentials on the right website is always the first step to take when it comes to safeguarding your password storage against phishing threats.
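The check described above, written out as an added example (not code from the original post or from Bitwarden): a strict comparison of a URL against the vault host you have verified yourself. `vault.bitwarden.com` is an assumed allowlist entry, `checkVaultUrl` and `classifySamples` are hypothetical helpers, and the lookalike URLs are constructed samples.

```javascript
// ASSUMPTION: hosts the user or organisation has verified out of band.
const OFFICIAL_VAULT_HOSTS = new Set(["vault.bitwarden.com"]);

// Returns { ok, reason } for a URL copied from an ad, e-mail or search result.
function checkVaultUrl(raw, allowed = OFFICIAL_VAULT_HOSTS) {
  let url;
  try {
    url = new URL(raw);
  } catch {
    return { ok: false, reason: "unparseable" };
  }
  if (url.protocol !== "https:") return { ok: false, reason: "not-https" };
  // "https://vault.bitwarden.com@host.example/" hides the real host after "@".
  if (url.username || url.password) {
    return { ok: false, reason: "userinfo-present" };
  }
  // The default port 443 is normalised to "", so anything left is non-standard.
  if (url.port !== "") return { ok: false, reason: "unexpected-port" };
  // URL.hostname is lower-cased; IDN labels come back as punycode ("xn--...").
  const host = url.hostname.replace(/\.$/, "");
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return { ok: false, reason: "idn-homograph-risk" };
  }
  // Exact match only: no suffix, prefix or substring comparison.
  if (!allowed.has(host)) return { ok: false, reason: "host-not-allowlisted" };
  return { ok: true, reason: "exact-match" };
}

// Constructed sample URLs (not taken from any real campaign).
const SAMPLES = [
  "https://vault.bitwarden.com/#/login",
  "https://vault.bitwarden.com.login.example/",
  "https://vault.bitwarden.com@login.example/",
  "https://vault.bitw\u00e1rden.com/",
  "http://vault.bitwarden.com/",
  "https://bitwarden-vault.example/login",
];

function classifySamples() {
  return SAMPLES.map((u) => ({ url: u, ...checkVaultUrl(u) }));
}

for (const r of classifySamples()) {
  console.log(r.ok ? "OK    " : "REJECT", r.reason.padEnd(22), r.url);
}
```

Substring or "ends with" comparisons would accept the second and third samples, which is why the check compares the parsed hostname exactly.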

Attackers have been using these advertisements as a vector to spread a variety of viruses or links to malicious or phishing websites in order to steal login information and other personal data. More recently, they have started using the advertisements to imitate well-known and well-liked firms.

Hardware security keys, authentication apps, and SMS verification are the three finest MFA verification techniques to use when securing your account, going from best to worst. With this technique, visitors to the phishing page are shown the login form of a legitimate service, such as Microsoft 365. They enter their credentials and MFA verification codes, and this information is also sent to the website. Because the resulting tokens have already undergone MFA verification, the threat actors can use them to access your account without having to pass MFA again.



Another Top Password Manager is Doing Away with Passwords

 


The open-source password manager Bitwarden has announced that it is going passwordless, with the aim of making access to Bitwarden vaults easier and faster for users. Bitwarden is highly secure, comes with a wide range of extra features, and is offered at a low price.

Also, Bitwarden is a zero-knowledge password manager, which means no one from the company can access or view the information you store in your Bitwarden vault at any time. 

The security tools offered by Bitwarden are on par with what users would expect from a premium password manager, including strong encryption, two-factor authentication (2FA), password security auditing, password breach monitoring, and options to host it either on a cloud service or locally. It is also equipped with a unique Send feature, which allows you to securely send sensitive information and files to non-Bitwarden users while remaining private. 

Bitwarden is also one of the few password managers that let you store unlimited passwords and sync them across unlimited devices on its free plan. This makes it a wise choice for anyone trying to manage their passwords.

Bitwarden explained in a press release that its update to its device authentication mechanism allows users to approve a login using their mobile device. This is done by exchanging a public and private key between the website's vault and a recognized, authorized device. It is designed to help prevent fraud and identity theft. 

Password-less Bitwarden

Bitwarden is a member of the FIDO Alliance. As part of this move, it is one of the many companies that have been working to improve the security of passwordless logins. This system is designed to ensure that phishing and hacking scams are reduced to a minimum.

A recent in-house survey conducted by Bitwarden supports Bitwarden's commitment to the Alliance. According to the study, "nearly half of companies plan to deploy passwordless technologies shortly," with security being a key driver behind the move.

According to 1Password, a password management software program, almost half of employees share passwords, putting their secure credentials at risk. The decision to make logins more personal and to move away from password-reliant systems may be the welcome news that many organizations have been waiting for.

DuckDuckGo is thrilled to announce that Bitwarden has been selected as the "first external password manager solution" that will be integrated into Apple's next-generation Safari browser on macOS devices, continuing the work that it has been doing to ensure that users' privacy remains protected.

Passwordless logins are becoming increasingly popular since Apple and Google showcased them at events in the past two years. Consumer interest in them has grown, but few companies have added support for them. PayPal, one of the most popular online payment systems, is now offering the updated type of authentication on its website and app.