Viewing a single comment thread. View all comments

flabberghaster wrote

3

twovests wrote

I don't believe so, what are you referring to?

There was the recent major Okta breach, but AFAIK nothing came of that.

The big reason I choose 1password is their use of zero-knowledge cryptography (secure remote password). For a 1Password breach to impact end users, an attacker would need to commit malware to the client software to leak passwords client-side after being decrypted.

3

flabberghaster wrote

Oh, OK yeah I must have been thinking of the last pass breach, and then the OKTA breach that didn't get any data (they claim).

How is last pass compared to Bitwarden? I use that one. I used to just use the google password manager but wanted to put fewer eggs in that one basket.

3

twovests wrote

I believe Bitwarden has almost the exact same security model as 1Password, and should be as secure. The last time I shopped around was ~5.5 years ago, and it was down to Bitwarden and 1Password. IIRC, I chose 1P for the UX.

(I do know that LastPass didn't make the cut. I was "vindicated" in a sense when LastPass had a massive breach for entirely preventable and foreseeable reasoms.)

I'm generally an annoying pro-self-hosting person, but I don't want to do it with a password manager.

2

flabberghaster wrote

I just meant in terms of usability; I was looking at keypads which has an even stronger model but it's entirely self hosted so you have to manage syncing.

I picked bit warden because it seemed like a good mix of usability and security but... Idk

2

twovests wrote

I haven't used Bitwarden so I can't vouch for its usability, but iirc its security is good.

I don't know Keypass personally but my threat model is "I want to be able to use it even if I suffer serious brain damage" so I'm staying away from selfhosting

3