this post was submitted on 28 Aug 2022

First question right off the bat for anyone concerned: LastPass claims that master passwords and encrypted user data were never compromised. See: https://blog.lastpass.com/2022/08/notice-of-recent-security-incident/

[–] downdaemon@lemmy.ml 15 points 2 years ago (1 children)

Bitwarden is a good option

[–] dhadelis@lemmy.ml 1 points 2 years ago

Password manager services have highly valuable assets (thousands of password databases) and malicious actors will try to attack them. You'd be better off using an off-line and local password manager like KeePassXC.

[–] Helix@feddit.de 11 points 2 years ago* (last edited 2 years ago)

KeePassXC >> KeePass, IMHO

[–] bkrl@lemmy.ml 10 points 2 years ago (1 children)

Only an offline database is safe.

[–] AgreeableLandscape@lemmy.ml 8 points 2 years ago (1 children)

Just make sure you back it up to multiple places, and keep the backups up to date.

[–] Helix@feddit.de 4 points 2 years ago

Yeah, that can easily be done by Syncthing. It's basically online, but if you set up your own discovery server and disable relays for syncing, there's virtually no way apart from completely breaking TLS to get the data.

[–] dreamLogic@slrpnk.net 6 points 2 years ago* (last edited 2 years ago)

Again? This is at least two times now. I switched to Buttercup because they just use a file you upload to any cloud service (you can even set up your own WebDAV if you don't want any company having that file).

Edit: Oh I see. This hack is worse, last time I heard it was leaked passwords and emails.

[–] dhadelis@lemmy.ml 2 points 2 years ago

The same (and much worse) could happen to Bitwarden; in the end, password manager services have highly valuable assets and malicious actors will try to attack them. When using a local password manager like KeePassXC, there's not a single server storing thousands of password databases, just one stored locally and off-line on your computer, significantly reducing the risk.