Bitwarden Heist - How to Break into Password Vaults Without Using Passwords::Sometimes, making particular security design decisions can have unexpected consequences. For security-critical software, such as password managers, this can easily lead to catastrophic failure: In this blog post, we show how Bitwarden’s Windows Hello …
This is a great write up. I was expecting some gotcha, but step-by-step it all makes sense. Many layers of this onion
"activating biometric login on Windows means that the derived key is encrypted locally using a secret which can be retrieved after authentication via Windows Hello. "…