Comments

4

hollyhoppet wrote

you can change your password as long as you're logged in, which it seems you are on some computer

2

twovests wrote (edited)

this post sponsored by 1Password

(edit: i highly recommend 1password. if anything, it means we get to see more good posts)

3

flabberghaster wrote

Didn't they just recently get breached?

3

twovests wrote

I don't believe so, what are you referring to?

There was the recent major Okta breach, but AFAIK nothing came of that.

The big reason I choose 1Password is their use of zero-knowledge cryptography (secure remote password). For a 1Password breach to impact end users, an attacker would need to commit malware to the client software to leak passwords client-side after being decrypted.

3

flabberghaster wrote

Oh, OK yeah I must have been thinking of the LastPass breach, and then the Okta breach that didn't get any data (they claim).

How is LastPass compared to Bitwarden? I use that one. I used to just use the Google password manager but wanted to put fewer eggs in that one basket.

2

twovests wrote

I believe Bitwarden has almost the exact same security model as 1Password, and should be as secure. The last time I shopped around was ~5.5 years ago, and it was down to Bitwarden and 1Password. IIRC, I chose 1P for the UX.

(I do know that LastPass didn't make the cut. I was "vindicated" in a sense when LastPass had a massive breach for entirely preventable and foreseeable reasons.)

I'm generally an annoying pro-self-hosting person, but I don't want to do it with a password manager.

2

flabberghaster wrote

I just meant in terms of usability; I was looking at KeePass which has an even stronger model but it's entirely self-hosted so you have to manage syncing.

I picked Bitwarden because it seemed like a good mix of usability and security but... Idk

3

twovests wrote

I haven't used Bitwarden so I can't vouch for its usability, but iirc its security is good.

I don't know KeePass personally but my threat model is "I want to be able to use it even if I suffer serious brain damage" so I'm staying away from self-hosting