986
More than $35 million has been stolen from over 150 victims since December — ‘nearly every victim’ was a LastPass user (www.theverge.com)
submitted 10 months ago by L4s@lemmy.world to c/technology@lemmy.world
170 comments fedilink hide all child comments

More than $35 million has been stolen from over 150 victims since December — ‘nearly every victim’ was a LastPass user::Security experts believe some of the LastPass password vaults stolen during a security breach last year have now been cracked open following a string of cryptocurrency heists

you are viewing a single comment's thread
view the rest of the comments
[-] saltynuts420@lemm.ee 56 points 10 months ago

instead of using a password manager managed by a PRIVATE ENTITY people should start using bitwarden ... its opensource, free and much more secure and reliable

[-] forbiddenlake@lemmy.world 19 points 10 months ago

But who is running the bitwarden server? Bitwarden the private company.

I self host vault warden, but it's really not something everyone can do.

[-] InvertedParallax@lemm.ee 9 points 10 months ago* (last edited 10 months ago)

Vaultwarden is incredible, and runs easily on freebsd.

[-] bnjmn@lemm.ee 5 points 10 months ago

Or should, for that matter

[-] yetAnotherUser@lemmy.ca 18 points 10 months ago

I personally use KeepassXD on my phone, although it hasn't had a security audit. There is also KeepassXC for desktop, which has had an audit

[-] RaivoKulli@sopuli.xyz 14 points 10 months ago

Bitwarden, the host, is a private entity

[-] PlexSheep@feddit.de 13 points 10 months ago

I prefer local password managers. Synchronisation is achieved with a syncing service of our choice.

[-] anyhow2503@lemmy.world 3 points 10 months ago

That's pretty much what Bitwarden does at its core. It will only synchronize the encrypted password vault and each client keeps an offline copy of it.

[-] itsdavetho@lemmy.world 6 points 10 months ago

How does bitwarden encrypt their passwords? Im just realising that since it works on both my laptop and phone with no configuration it can't be overly nuanced

[-] tony@lemmy.hoyle.me.uk 13 points 10 months ago

It's encrypted on the client and bitwarden themselves can't decrypt it (we assume, but there have been audits that seemed to confirm that).

If you want to you can just run your own server then they can't see the traffic at all.

[-] IverCoder@lemm.ee 1 points 10 months ago

Private entities are more reliable for personal data than companies whose stocks have gone public.

this post was submitted on 07 Sep 2023
986 points (99.0% liked)

Technology

55929 readers
3486 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
L3s@lemmy.world
enu@lemm.ee
fry@fry.gs
L3s@fry.gs
enu@lemmy.world
L4s@fry.gs
L4s@lemmy.world