More than $35 million has been stolen from over 150 victims since December — ‘nearly every victim’ was a LastPass user::Security experts believe some of the LastPass password vaults stolen during a security breach last year have now been cracked open following a string of cryptocurrency heists

  • @[email protected]
    link
    fedilink
    English
    571 year ago

    instead of using a password manager managed by a PRIVATE ENTITY people should start using bitwarden … its opensource, free and much more secure and reliable

    • @forbiddenlake
      link
      English
      201 year ago

      But who is running the bitwarden server? Bitwarden the private company.

      I self host vault warden, but it’s really not something everyone can do.

    • @[email protected]
      link
      fedilink
      English
      181 year ago

      I personally use KeepassXD on my phone, although it hasn’t had a security audit. There is also KeepassXC for desktop, which has had an audit

    • @[email protected]
      link
      fedilink
      English
      131 year ago

      I prefer local password managers. Synchronisation is achieved with a syncing service of our choice.

      • @anyhow2503
        link
        English
        31 year ago

        That’s pretty much what Bitwarden does at its core. It will only synchronize the encrypted password vault and each client keeps an offline copy of it.

    • @itsdavetho
      link
      English
      61 year ago

      How does bitwarden encrypt their passwords? Im just realising that since it works on both my laptop and phone with no configuration it can’t be overly nuanced

      • @[email protected]
        link
        fedilink
        English
        131 year ago

        It’s encrypted on the client and bitwarden themselves can’t decrypt it (we assume, but there have been audits that seemed to confirm that).

        If you want to you can just run your own server then they can’t see the traffic at all.

        • RealHonest
          link
          fedilink
          English
          -131 year ago

          Who’s we? You probably mean you assume. Bitwarden is open source so an assumption need not be made.

          • @[email protected]
            link
            fedilink
            English
            21 year ago

            There’s an assumption that the code you see is the code running on their server. And on top of that there’s lots of other software running on their servers.

    • @[email protected]
      link
      fedilink
      English
      11 year ago

      Private entities are more reliable for personal data than companies whose stocks have gone public.