This breach is worse than just a website’s database being leaked. These are info-stealer malware logs. Meaning that you had malware on one of your devices that recorded you typing your credentials into websites and then the logs of that malware were publicly leaked.
Before changing all of your passwords (and setting up a password manager if you don’t already use one) you need to identify which of your devices was compromised and wipe it.
If you change all your passwords from the compromised device then the malware will just record all of your new passwords.
Turn off your computer and make sure it powers down. Toss it in a 43-foot hole in the ground. Bury it completely rocks and boulders should be fine. Then burn any clothes you may have worn any time you were onliiiine
Personally, I use KeePassDX for my android client, but either works. I use Syncthing to sync changes between devices, though I think the android version of that stopped being supported a few months back, but it still works fine for now.
Last time I used it was very convenient, but the price was too high for me. Besides that, I bought 1pass when was possible to buy once and have it forever, since then, they made increasingly harder to access it if you bought instead of use as a paid service. That’s why I made the change to KeePass.
The only thing that 1pass offers that could justify their business model as a service is sync on multiple devices, and bitwarden does that as well.
KeePass don’t, but you can make it happen with free Dropbox for example.
This breach is worse than just a website’s database being leaked. These are info-stealer malware logs. Meaning that you had malware on one of your devices that recorded you typing your credentials into websites and then the logs of that malware were publicly leaked.
Before changing all of your passwords (and setting up a password manager if you don’t already use one) you need to identify which of your devices was compromised and wipe it.
If you change all your passwords from the compromised device then the malware will just record all of your new passwords.
How would one identify which device was compromised?
Assume all of them are infected.
Turn off your computer and make sure it powers down. Toss it in a 43-foot hole in the ground. Bury it completely rocks and boulders should be fine. Then burn any clothes you may have worn any time you were onliiiine
Wait a sec my grandmother is calling me about some pictures I apparently sent her
Instructions unclear, I don’t speak Swahili
That advice is a bit too weird;)
Which password manager is good? I use Bitwarden but it would take forever to change all my passwords inside of it
Bitwarden have a good balance of security, price and convenience. If you want more control and less convenience, KeePass.
Keepassxc
The best IMO because it’s just a client you install on a device which reads an encrypted data file you can sync how you like.
This way it’s not a hoard like lastpass or bitwarden.
And keepass2Android
Personally, I use KeePassDX for my android client, but either works. I use Syncthing to sync changes between devices, though I think the android version of that stopped being supported a few months back, but it still works fine for now.
I am doing the same, all I need is keepassdx to support passkeys now
Any thoughts on 1Password?
Last time I used it was very convenient, but the price was too high for me. Besides that, I bought 1pass when was possible to buy once and have it forever, since then, they made increasingly harder to access it if you bought instead of use as a paid service. That’s why I made the change to KeePass. The only thing that 1pass offers that could justify their business model as a service is sync on multiple devices, and bitwarden does that as well. KeePass don’t, but you can make it happen with free Dropbox for example.
I had an internship a couple years back at a web development startup that used it. Seemed to work just fine.
Bitwarden.
Do you have a clue about what haveibeenpwned is?