In November 2022, the password manager service LastPass disclosed a breach in which hackers stole password vaults containing both encrypted and plaintext data for more than 25 million users. Since then, a steady trickle of six-figure cryptocurrency heists targeting security-conscious…

  • TheFrirish@jlai.lu
    link
    fedilink
    English
    arrow-up
    3
    ·
    1 year ago

    it’s a bad idea to have all your passwords centralized but for me it’s still an upgrade in security compared to remembering a few different passwords. I understand security is very important but I want to be able to appreciate convenience and not have to write all my random passwords on a book that I would have to bring with me all the time and look at every time I want to type a password. there’s no such thing as bulletproof security. I’m quite happy to have reduced my attack vectors to nearly one single point so I can focus on defending that one single point.

    • treadful@lemmy.zip
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      Password vaults are great! Giving them to a central authority is… a little risky though. LP has a pretty decent history other than this, so I don’t fault anyone for using them. But after that breach, it’s probably good to consider those creds burned and recycle them.

      A good self-hosted alternative might be something like Keepass on Syncthing. Though a downside of that is that you might be even less likely to know of a vault exfil than a service like LP.

      Either way you go, it’s good to recognize the limiations and act accordingly.