OSUBucky t1_j5u24b7 wrote on January 25, 2023 at 3:57 PM

Reply to comment by Man_in_the_uk in Everyone Wants Your Email Address. Think Twice Before Sharing It. by 08830

You need Bitwarden. It’s a life saver!

Man_in_the_uk t1_j5vq6zc wrote on January 25, 2023 at 10:05 PM

Screw that, look at what happened with this..

https://thecrow.uk/lastpass-data-breach-is-starting-to-look-truly-horrendous/

FnTom t1_j5vtxro wrote on January 25, 2023 at 10:29 PM

You can self-host Bitwarden and limit it to a local environment. That way, security breaches on their server would mean absolutely nothing to you.

misconfigbackspace t1_j5w4d4w wrote on January 25, 2023 at 11:43 PM

Specifically this: https://palant.info/2023/01/23/bitwarden-design-flaw-server-side-iterations/

rhinosyphilis t1_j5wfy9b wrote on January 26, 2023 at 1:06 AM

The edits on that article say that they upped iterations to 350k. I heard on my fav security podcast that it was 600k (show notes aren’t posted yet, when they are I’ll update this with their reference). If you’re self hosting though your vault is on your own servers.

misconfigbackspace t1_j5y8guk wrote on January 26, 2023 at 11:47 AM

I have no beef with any particular online password provider. Because I use Keepass with the password file shared on a google drive folder on very limited desktop / laptop computers. I don't use a smartphone.

DrB00 t1_j5wrfuv wrote on January 26, 2023 at 2:26 AM

Just use KeePass and manage your passwords. Upload it to a cloud service and the password database is still encrypted.