Resources
External references we trust for password manager security — standards bodies, audits, and breach data. Curated, not exhaustive.
Standards & Guidance
- NIST SP 800-63B — Digital Identity (Authenticators)
The authoritative modern guidance on passwords, 2FA, and authenticator assurance. The basis for most of our security framing.
#standards
- OWASP Password Storage Cheat Sheet
Practical reference on KDFs (Argon2, scrypt, PBKDF2) and parameters — useful for judging a manager's crypto choices.
#standards
- FIDO Alliance — Passkeys
Primary source on FIDO2/WebAuthn and passkeys, the phishing-resistant direction managers are moving toward.
#standards
Audits & Verification
- Have I Been Pwned
Privacy-preserving breach lookup. The reference data source behind most breach-monitoring features.
#verification
- Cure53 published reports
Independent security audit firm that has reviewed several major password managers. We cite published audits rather than vendor claims.
#audits
Independent Analysis & Communities
- Privacy Guides — Password Managers
Criteria-driven, vendor-neutral recommendations that align with an architecture-first evaluation.
#analysis
- r/passwords
Focused discussion on password and manager security. Cross-check claims against standards rather than popularity.
#community
- r/Bitwarden
Useful for self-hosting (Vaultwarden) and client-specific behavior; verify security advice against official docs.
#community