SN 1066: Password Leakage - Zero Trust, Zero Knowledge
Security Now (Audio)
Leo Laporte
4.6 • 2.3K Ratings
🗓️ 24 February 2026
⏱️ 170 minutes
🧾️ Download transcript
Summary
ETH Zurich's deep-dive into the world's top password managers exposes how feature overload and legacy design obscure real security flaws, forcing a rethink of what "zero knowledge" actually means for your vault. Learn why recent fixes matter—and why open source may be your safest bet.
- CA's warn us to urgently prepare for the inevitable.
- Three U.S. states attempt to ban 3D printed firearms.
- Denied ransom, ShinyHunters leaks 967,000 personal details.
- "Billions" of U.S. social security numbers leaked.
- Is Apple planning to add cameras to three new gadgets.
- No more security fixes for Firefox on Windows 7 & 8.
- Russia blocks the official Linux kernel site they need.
- Will the U.S."freedom.gov" site post EU blocked content.
- LLM's will offer secure passwords. Do Not Use Them.
- As predicted, the "ClickFix" attack strategy takes over.
- A listener believes his computer is compromised.
- How could three popular password managers get things wrong.
Show Notes - https://www.grc.com/sn/SN-1066-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Download or subscribe to Security Now at https://twit.tv/shows/security-now.
You can submit a question to Security Now at the GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Join Club TWiT for Ad-Free Podcasts!
Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit
Sponsors:
Transcript
Click on a timestamp to play from that location
| 0:00.0 | It's time for security now. Steve Gibson is here. We have a lot to talk about. Shiny |
| 0:06.9 | hunters says they have a lot of personal information from a company that was not going to pay |
| 0:13.0 | the ransom. Billions of U.S. Social Security numbers leaked. How's that possible? Apple adding |
| 0:19.5 | cameras to its gadgets? Is that a good idea? And the U.S.'s |
| 0:23.5 | new freedom.gov website. Plus, we'll talk about that study that came out last week |
| 0:30.2 | about password managers. Are they secure? TLDR. Don't worry. |
| 0:38.3 | Here, not on fire, |
| 0:40.9 | but Steve will have the details next on Security Now. |
| 0:47.0 | Podcasts you love from people you trust. |
| 0:49.8 | This is Twit. |
| 0:55.8 | This is Security Now with Steve Gibson. |
| 1:01.9 | Episode 1066 recorded Tuesday, February 24th, 2026. |
| 1:03.5 | Password leakage. |
| 1:06.7 | It's time for security now. |
| 1:10.5 | We wait all week for Tuesdays, but Tuesday has come. |
| 1:13.3 | Congratulations. You made it. Here's our hero of the day, Mr. Steve Gibson, our guru in security, privacy, and all of the above. Hey, Steve. |
| 1:22.0 | Leo, great to be with you again as we wrap up February and head into March. |
| 1:28.0 | We should explain to, I should explain to the 20,000 plus listeners whose email address I have, |
| 1:37.9 | who have signed up for the weekly mailing that they'll be getting a week's surprise this coming week because you and I are |
| 1:48.0 | going to be together in Florida on Tuesday, Wednesday, Thursday of next week. So we're pre-recording |
| 1:55.9 | next week's Tuesday podcast on Sunday before the Sunday show, which means I will be working on it |
| 2:03.5 | Friday and Saturday to get ready for Sunday, and I'm apt to send it off to everybody Saturday. |
... |
Please login to see the full transcript.
Disclaimer: The podcast and artwork embedded on this page are from Leo Laporte, and are the property of its owner and not affiliated with or endorsed by Tapesearch.
Generated transcripts are the property of Leo Laporte and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
Copyright © Tapesearch 2026.