this post was submitted on 07 Sep 2023
979 points (99.0% liked)

More than $35 million has been stolen from over 150 victims since December — ‘nearly every victim’ was a LastPass user

Security experts believe some of the LastPass password vaults stolen during a security breach last year have now been cracked open following a string of cryptocurrency heists.

[–] saltynuts420@lemm.ee 57 points 1 year ago (7 children)

Instead of using a password manager managed by a PRIVATE ENTITY, people should start using Bitwarden ... it's open source, free and much more secure and reliable.

[–] forbiddenlake@lemmy.world 20 points 1 year ago (2 children)

But who is running the Bitwarden server? Bitwarden the private company.

I self-host Vaultwarden, but it's really not something everyone can do.

[–] InvertedParallax@lemm.ee 9 points 1 year ago* (last edited 1 year ago)

Vaultwarden is incredible, and runs easily on FreeBSD.

[–] bnjmn@lemm.ee 5 points 1 year ago

Or should, for that matter

[–] yetAnotherUser@lemmy.ca 18 points 1 year ago

I personally use KeePassDX on my phone, although it hasn't had a security audit. There is also KeePassXC for desktop, which has had an audit.

[–] RaivoKulli@sopuli.xyz 14 points 1 year ago

Bitwarden, the host, is a private entity

[–] PlexSheep@feddit.de 13 points 1 year ago (1 children)

I prefer local password managers. Synchronisation is achieved with a syncing service of our choice.

[–] anyhow2503@lemmy.world 3 points 1 year ago

That's pretty much what Bitwarden does at its core. It will only synchronize the encrypted password vault and each client keeps an offline copy of it.

[–] itsdavetho@lemmy.world 6 points 1 year ago (1 children)

How does Bitwarden encrypt their passwords? I'm just realising that since it works on both my laptop and phone with no configuration, it can't be overly nuanced.

[–] tony@lemmy.hoyle.me.uk 13 points 1 year ago (1 children)

It's encrypted on the client and Bitwarden themselves can't decrypt it (we assume, but there have been audits that seemed to confirm that).

If you want to, you can just run your own server; then they can't see the traffic at all.
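
The client-side model described in the replies above, as an added Node.js sketch that is not part of the thread and is not Bitwarden's code: the key is derived from the master password on the device, and the sync server only ever holds the salt, IV, tag and ciphertext. PBKDF2-SHA256, AES-256-GCM, the iteration count and all function names are assumptions made for this illustration.

```javascript
// Added sketch of client-side vault encryption. Not Bitwarden's code; the KDF,
// cipher and iteration count are assumptions chosen for this illustration.
const crypto = require('node:crypto');

const KDF_ITERATIONS = 600000; // assumed work factor

// Runs on the client: stretch the master password into a 256-bit key.
function deriveKey(masterPassword, salt, iterations) {
  return crypto.pbkdf2Sync(masterPassword, salt, iterations, 32, 'sha256');
}

// Runs on the client: the returned record is all a sync server would store.
function sealVault(masterPassword, vault, iterations = KDF_ITERATIONS) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12);
  const key = deriveKey(masterPassword, salt, iterations);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(JSON.stringify(vault), 'utf8'), cipher.final()]);
  return {
    iterations,
    salt: salt.toString('base64'),
    iv: iv.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'),
    ciphertext: body.toString('base64'),
  };
}

// Any device that knows the master password can open its offline copy.
function openVault(masterPassword, record) {
  const salt = Buffer.from(record.salt, 'base64');
  const key = deriveKey(masterPassword, salt, record.iterations);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, Buffer.from(record.iv, 'base64'));
  decipher.setAuthTag(Buffer.from(record.tag, 'base64'));
  const body = Buffer.from(record.ciphertext, 'base64');
  return JSON.parse(Buffer.concat([decipher.update(body), decipher.final()]).toString('utf8'));
}

// The GCM tag check fails for any key not derived from the right password.
function opensWith(record, password) {
  try { openVault(password, record); return true; } catch { return false; }
}

// Constructed sample data.
const vault = [{ site: 'example.com', username: 'alice', password: 'hunter2' }];
const record = sealVault('correct horse battery staple', vault);
console.log('stored server-side:', Object.keys(record).join(', '));
console.log('opens with wrong password:', opensWith(record, 'password123'));
console.log('opens with master password:', opensWith(record, 'correct horse battery staple'));
```

The stored record contains everything except the master password, so a copy taken from the server is protected only by the strength of that password and the KDF work factor.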

[–] IverCoder@lemm.ee 1 points 1 year ago

Private entities are more reliable for personal data than companies whose stocks have gone public.