CYBERSECURITY RESEARCH • FEBRUARY 17, 2026

Warning for Wisconsin Businesses: New Research Just Exposed Gaps in Popular Password Managers

What the latest ETH Zurich study means for your security — and how ForgeGuard IT actually protects clients with real defense-in-depth.

A team of researchers from ETH Zurich and Università della Svizzera italiana dropped a peer-reviewed study yesterday that every business owner should read — especially with the password manager flaws Wisconsin businesses are facing right now.

They tested four of the biggest cloud-based password managers — Bitwarden, LastPass, Dashlane, and 1Password — under the assumption of a fully malicious server. The result? 27 distinct attack scenarios that could let an attacker view, modify, or fully compromise encrypted password vaults.

Breakdown (straight from the paper):

  • Bitwarden: 12 scenarios
  • LastPass: 7 scenarios
  • Dashlane: 6 scenarios
  • 1Password: 2 scenarios (strongest performer thanks to its extra secret-key layer)

The attacks target key escrow/recovery, vault encryption, sharing/organizational features, and backwards compatibility. One example that stood out: Bitwarden’s “malicious auto-enrolment” attack during onboarding, where an attacker could swap keys and walk away with full vault access, completely undetected.

Important context: Responsible disclosure was followed. No evidence of real-world exploitation. Bitwarden, LastPass, and Dashlane are actively patching. 1Password released their review yesterday confirming the findings align with already-known design trade-offs.

Full Transparency: We Use 1Password at ForgeGuard IT

We practice what we preach. Here at ForgeGuard IT, our entire internal team runs on 1Password. It was the clear strongest performer in the ETH Zurich study (only 2 scenarios) thanks to its additional high-entropy secret key. Their official blog post released yesterday matches exactly how we think about security: acknowledge real architectural limits, stay transparent, and never rely on any single tool alone.

Read 1Password’s full response →

Password managers are still one of the smartest tools out there… but they are only one layer. Password manager flaws Wisconsin businesses face today make it clear that one tool alone is never enough.

How ForgeGuard IT Actually Protects Wisconsin Businesses

  • 🛡️ SentinelOne EDR/XDR – stops threats before they reach your passwords
  • 🔧 NinjaOne RMM – proactive patching & monitoring so vulnerabilities never sit
  • 📧 Microsoft 365 Business Premium – enterprise MFA, DLP, Intune device control
  • 🌐 Ubiquiti UniFi Networking – proper segmentation so one breach stays contained
  • 📹 Camera & Door Access Systems – professional video surveillance and access control tailored to your site and budget (Ubiquiti preferred)

What Wisconsin Businesses Should Do About These Password Manager Flaws

  1. Check your password manager’s status page for today’s patches
  2. Enable every MFA option (hardware keys preferred)
  3. Review shared vaults and recovery settings
  4. Test your full security posture — not just passwords

Or skip the homework and let us do it for you.

Book Your FREE 15-Minute Cyber Risk Audit

We’ll scan your passwords, endpoints, email, network, cameras, and recovery — zero sales pitch, zero cost.

Click Here to Book →
Austin • ForgeGuard IT – Honest IT & Physical Security for Wisconsin Businesses
Racine • Madison • Serving the state • forgeguardit.com