cross-posted from: https://infosec.pub/post/42164102
Researchers demo weaknesses affecting some of the most popular options Academics say they found a series of flaws affecting three popular password managers, all of which claim to protect user credentials in the event that their servers are compromised.…
KeePassXC ftw
I appreciate the air of publicity this story brings.
You probably can’t trust your password manager if it’s compromised
In other headlines: water is surprisingly wet.
I always keep my keepass databases offline for good
Bitwarden offers offline also. And self hosting I believe.
IMO Its fine to sync them with syncthing, as that’s end to end encrypted.
Am I the only person here that never used one just because of this? They all sounded too sus to me.
Keeping them in your head? So, your passwords must be shit, lmao.
Zero threat prioritisation.
for the average person’s home pc, writing them down on a sticky note or notebook is sufficient
if someone unauthorized is physically in your house then you have bigger problems than them knowing your facebook passwordAnd those handwritten notes are secure random passwords and never repeat?
Just too much work for the average person and too inconvenient to type.
