Viewing a single comment thread. View all comments

sleepybrett t1_j1i7o37 wrote

'if it was encrypted correctly.'

For me, there are just some things that I will trust a company to do for me by proxy, and some things I don't. Keeping my identity (if someone has all your passwords they can become, effectively you) secure is one of those things that I'd rather do myself.

Convince is the enemy of security.

2

maumay t1_j1n0kv2 wrote

Do you trust the correct implementation of TLS encryption when your credentials are sent over the internet? What difference is there with trusting the correct implementation of password encryption?

1

sleepybrett t1_j1n61mr wrote

I can verify the TLS implimentation in my browser. I do not have access to 1passwords client and server apps source code.

1

maumay t1_j1nc0xy wrote

Ok, like I mentioned there are open source password manager like bitwarden whose source code is regularly audited and which can be verified by anyone.

1

sleepybrett t1_j1ndo7s wrote

I currently use bitwarden because I can host my own backend for it.

1