this post was submitted on 07 Sep 2023
986 points (99.0% liked)

Technology

59030 readers
3070 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
986
More than $35 million has been stolen from over 150 victims since December — ‘nearly every victim’ was a LastPass user (www.theverge.com)
submitted 1 year ago by [email protected] to c/[email protected]
188 comments fedilink hide all child comments
 

More than $35 million has been stolen from over 150 victims since December — ‘nearly every victim’ was a LastPass user::Security experts believe some of the LastPass password vaults stolen during a security breach last year have now been cracked open following a string of cryptocurrency heists

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 57 points 1 year ago (7 children)

instead of using a password manager managed by a PRIVATE ENTITY people should start using bitwarden ... its opensource, free and much more secure and reliable

[–] [email protected] 19 points 1 year ago (2 children)

But who is running the bitwarden server? Bitwarden the private company.

I self host vault warden, but it's really not something everyone can do.

[–] [email protected] 9 points 1 year ago* (last edited 1 year ago)

Vaultwarden is incredible, and runs easily on freebsd.

[–] [email protected] 5 points 1 year ago

Or should, for that matter

[–] [email protected] 18 points 1 year ago

I personally use KeepassXD on my phone, although it hasn't had a security audit. There is also KeepassXC for desktop, which has had an audit

[–] [email protected] 14 points 1 year ago

Bitwarden, the host, is a private entity

[–] [email protected] 13 points 1 year ago (1 children)

I prefer local password managers. Synchronisation is achieved with a syncing service of our choice.

[–] [email protected] 3 points 1 year ago

That's pretty much what Bitwarden does at its core. It will only synchronize the encrypted password vault and each client keeps an offline copy of it.

[–] [email protected] 6 points 1 year ago (1 children)

How does bitwarden encrypt their passwords? Im just realising that since it works on both my laptop and phone with no configuration it can't be overly nuanced

[–] [email protected] 13 points 1 year ago (1 children)

It's encrypted on the client and bitwarden themselves can't decrypt it (we assume, but there have been audits that seemed to confirm that).

If you want to you can just run your own server then they can't see the traffic at all.

[–] [email protected] 1 points 1 year ago

Private entities are more reliable for personal data than companies whose stocks have gone public.