Using apps like LastPass — which require you to upload your passwords and a bunch of other info on all your online accounts — has always been the epitome of stupidity.

This is why: https://arstechnica.com/information-technology/2022/12/lastpass-says-hackers-have-obtained-vault-data-and-a-wealth-of-customer-info/

LastPass users: Your info and password vault data are now in hackers’ hands

Password manager says breach it disclosed in August was much worse than thought.

Ars Technica

@tiago If you use the right ones which are publicly auditable, i.e. 1Password, they’re better than almost anything else.

@Randallb Definitely not better than FLOSS alternatives that keep your passwords off the “cloud” where they belong.

@tiago I mean, that sounds nice in theory but not necessarily true. Auditable == open.

@Randallb Sorry, “auditable” ≠ open. Not even close. And furthermore, open ≠ no bugs, which is why it's good to keep your passwords with you.

There's nothing theoretical about it: GNOME and KDE both have built-in password managers, and so does Firefox.

@tiago Sure, and I guess if you look at 1pwd’s model, it’s unclear how they’re any more secure than it.

@Randallb They don't upload anything anywhere. The attack surface is substantially smaller.