Cloudless Software Articles

Why Zero-Knowledge Encryption Is Not Enough: What the ETH Zurich Study Means for Your Passwords

Cloudless Software — Wed, 27 May 2026 08:00:00 -0700

Researchers from ETH Zurich developed 25 successful attacks against Bitwarden, LastPass, and Dashlane — the password managers used by 60 million people. The encryption was never the problem. The server was. Every attack required a compromised central server that manipulated encryption parameters, tampered with vault contents during sync, or exploited backward compatibility with 1990s-era cryptography.

Every one of those attacks fails against a local-first architecture because the attack surface does not exist. There is no server to compromise. This article breaks down exactly how each attack category works and why removing the server eliminates it entirely.

Read the full article

Best Offline Password Managers Compared: KeePass vs Bitwarden vs Enpass vs Stellar

Cloudless Software — Wed, 21 May 2026 08:00:00 -0700

Every password manager claims to work offline now. But there is a massive difference between a password manager designed around offline from the beginning and one that bolted on a read-only offline mode to check a box. This article compares KeePass, Bitwarden, Enpass, and Stellar through the lens of Ink & Switch's local-first software principles.

KeePass has been local since 2003 but is stuck in a usability time warp. Bitwarden's offline is read-only because it was built cloud-first. Enpass gets the architecture mostly right but still funnels you toward cloud sync. Stellar was designed around offline from day one.

Read the full article

Is LastPass Safe? The Breach That Keeps On Taking

Cloudless Software — Thu, 05 Mar 2026 08:00:00 -0700

The 2022 LastPass breach exposed 30 million vaults. Three years later, over $150 million in cryptocurrency has been stolen from cracked vaults, phishing campaigns target anxious users, and ETH Zurich proved the encryption was weaker than advertised.

This is not a breach. It is a condition — an ongoing state of compromise that shows no signs of ending. A deep investigation into the breach, the crypto thefts, the phishing campaigns, and why cloud-hosted password vaults are structurally doomed.

Read the full article

Why "Your Cloud Payment Failed" Is the Most Effective Phishing Scam Ever Sent

Cloudless Software — Mon, 19 May 2026 08:00:00 -0700

With 2.3 billion people using cloud storage worldwide, a fake payment failure email doesn't need to be clever — it just needs to be relatable. This investigation breaks down the economics of cloud storage phishing: $500 to launch a campaign, 18% click rates on urgency-driven emails, $125,000+ per successful Business Email Compromise, and $20.9 billion in total FBI-reported cybercrime losses in 2025.

The article traces who runs these operations (organized crime syndicates, not lone hackers), why cloud storage's universal adoption has created the perfect attack surface, and why keeping sensitive data off the cloud eliminates the panic that makes phishing work.

Read the full article