flabberghaster wrote
Reply to comment by twovests in keep thinking of good posts on the toilet but i'm not logged in on my phone and i don't remember my password by Alessia
Didn't they just recently get breached?
twovests wrote
I don't believe so, what are you referring to?
There was the recent major Okta breach, but AFAIK nothing came of that.
The big reason I choose 1Password is their use of zero-knowledge cryptography (secure remote password). For a 1Password breach to impact end users, an attacker would need to commit malware to the client software to leak passwords client-side after being decrypted.
flabberghaster wrote
Oh, OK yeah I must have been thinking of the LastPass breach, and then the Okta breach that didn't get any data (they claim).
How is LastPass compared to Bitwarden? I use that one. I used to just use the Google password manager but wanted to put fewer eggs in that one basket.
twovests wrote
I believe Bitwarden has almost the exact same security model as 1Password, and should be as secure. The last time I shopped around was ~5.5 years ago, and it was down to Bitwarden and 1Password. IIRC, I chose 1P for the UX.
(I do know that LastPass didn't make the cut. I was "vindicated" in a sense when LastPass had a massive breach for entirely preventable and foreseeable reasons.)
I'm generally an annoying pro-self-hosting person, but I don't want to do it with a password manager.
flabberghaster wrote
I just meant in terms of usability; I was looking at KeePass which has an even stronger model but it's entirely self-hosted so you have to manage syncing.
I picked Bitwarden because it seemed like a good mix of usability and security but... Idk
twovests wrote
I haven't used Bitwarden so I can't vouch for its usability, but iirc its security is good.
I don't know KeePass personally but my threat model is "I want to be able to use it even if I suffer serious brain damage" so I'm staying away from self-hosting