this post was submitted on 18 Feb 2026
That is rather concerning :/. I always said I'd never self host a PW manager, because if I lose access to it, I lose access to most parts of my life. But in light of this report, and with the BW servers being such a juicy target, I have taken to self hosting it. They probably won't notice a standalone server, with just one account on it, versus a server with thousands or millions of users in the BW servers.
ETA: with an appropriate backup strategy, it should be fine, I think?
I use KeePass, and Syncthing handles multi-device synchronization. The database is also regularly backed up locally and to a few cloud services.
At this point, with LastPass losing their entire DB years ago, why would you trust an online one?
If you self-host, you control all risks and mitigation strategies.