• @Haha
    21 year ago

    What is wrong with last pass?

      • @[email protected]
        31 year ago

        Just about every centralized service will be breached at some point. At least they have a cybersecurity team and everybody got notified and can act accordingly. If you choose another just because they haven’t been hacked, it’s just a matter of time. I think they’re still a viable option, just be ready to react to notices like these.

        Personally, I chose the self-hosted route, but that comes at the cost of maybe never knowing if you get breached until it’s too late.

        • @[email protected]
          21 year ago

          Normally I’d agree with you, but in the case of LastPass, I have to disagree. Ever since they were bought by LogMeIn, not only did they significantly increase the price, they have also had security incident after security incident, with the worst one in 2022, not to mention a bunch of vulnerabilities that seem so basic they shouldn’t be a problem on other password managers. There were also shenanigans where they seemingly intentionally broke data export to slow down the exodus of their users to other password managers.

          They were recently spun off as a separate company from GoTo/LogMeIn, but at this point I have lost faith and would not recommend LastPass at all.

      • @Haha
        01 year ago

        Which do you recommend then?

        • @[email protected]
          31 year ago

          I migrated to Bitwarden years ago, but still curse myself for not immediately deleting my LastPass account back then before the breach.

          • @Haha
            01 year ago

            Then I shall go to Bitwarden.

          • @Haha
            11 year ago

            I’m interested in Vaultwarden, what do you think about self-hosting it?

            • @[email protected]
              11 year ago

              It’s super easy to self-host (assuming you’re familiar with Docker), doesn’t take too many server resources, and will give you access to features normally gated behind Bitwarden subscriptions. Way better than the official self-hosted version. The main disadvantage is that while it’s open source, the code hasn’t been audited yet, which might be a deal breaker for people obsessed with security.

              • @Haha
                01 year ago

                Yeah, I read it’s a bit double-edged, but would anyone ever want to audit an open source software that can take over a paying one?… Might just take the jump.

            • @[email protected]
              11 year ago

              I’ve never tried it, but from what I’ve read it isn’t too difficult; it is something I’d like to eventually get set up. I expect you’d want either a static IP address or a dynamic DNS service to access it remotely.

              You can also self-host the main Bitwarden implementation; Vaultwarden is just generally preferred because it’s much lighter-weight, mostly because it’s written in Rust instead of TypeScript.

        • @_number8_
          21 year ago

          using passwords you can remember instead of An8sdfd8h4indf!id8 just because it’s harder to brute force

          • @[email protected]
            11 year ago

            Passwords you can remember are a problem if you have multiple sites.

            While I love XKCD’s HorseBatteryStaplerOkay! strategy… that works well for 4-5 passwords. If you have 20+ passwords you’ll pretty much wind up re-using them, and if it turns out one of the 20 sites had garbage protection and gets fully hacked, any site where you used the same one is also going to be vulnerable.

            Personally, I’ve still gotta say go with KeePass or Bitwarden (self-hosted if possible).

          • @Haha
            01 year ago

            It’s not just about the password you can remember, it’s being able to patch your securities in case of a hack/malware or attack; remembering a password is low on my list at that point.

        • @[email protected]
          11 year ago

          If you are worried about people getting ahold of your vault if the company has a breach, then use KeePass and come up with your own system of syncing the file. It’s a local file so it is always under your control.

    • @Thermal_shocked
      11 year ago

      Repeatedly have data stolen and data leaks. Fuck them. Also bait and switch to a one device or pay.