this post was submitted on 07 Sep 2023
979 points (99.0% liked)
Technology
60106 readers
1859 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
The idea is fine. Still trusting lastpass was the bad idea. Others have much better implementations to protector your vault and don’t drop the ball on security time after time.
They might have better implementation, but that only means it will take longer time before a data breach happens, it doesn't stop them.
A data breach isn't an issue by itself. It's only an issue if it's possible to decrypt your passwords.
It's OK as long as you're the only one with the key to it.
If your storage provider can decrypt it, so can anybody who hacks them or works for them.
Sometimes these are the same people.
I use Syncthing to keep my Keepass files synchronized on my devices. All the benefits of cloud storage, but my password file never leaves my control.
I do exactly this.
Great idea! I rely on Firefox's service, would you recommend I switch?
Personally I don't like to rely on anyone's cloud services for mission critical applications like password storage, since they have a history of being discontinued without notice.
I do trust Mozilla a lot more than Google, though.
With Syncthing at least if the discovery servers go down you still have a local copy as well as off-site backups, and can easily migrate to some other sync solution as your password manager is not tied to your browser.
I would argue that email is similarly as critical, yet Selfhosting email is a bad idea practically and from a security standpoint. Your argument does not apply in general.