You might consider 1Password. They don’t have the key so they effectively only see an all of the data in encrypted form, not even revealing the site, if I recall.
They have some fascinating papers about it, if I recall.
That's standard for all password managers IIRC. If they can get your into your vault without your master secret then it is a bad password manager.
What has happened to some password managers though is that they don't store the metadata encrypted (like username, website name, etc.) so that leaks have revealed which sites you use but I don't think any decent password manager has leaked passwords without a client being hacked, right?
SahAssar|1 year ago
What has happened to some password managers though is that they don't store the metadata encrypted (like username, website name, etc.) so that leaks have revealed which sites you use but I don't think any decent password manager has leaked passwords without a client being hacked, right?
playingalong|1 year ago