Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign

Bitwarden CLI 2026.4.0 was compromised in the Checkmarx supply chain campaign after attackers abused a GitHub Action in Bitwarden’s CI/CD pipeline.

Socket
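The practical check behind the headline is "is the compromised build pinned anywhere I deploy?" The script below is an added example, not code from Socket, Bitwarden, or anyone in this thread. It scans an npm lockfile (both the nested lockfileVersion 1 layout and the flat lockfileVersion 2/3 layout) for the affected version named in the report, 2026.4.0. The npm package name @bitwarden/cli and the two sample lockfiles are assumptions constructed inline so the script runs offline.

```python
"""Scan npm lockfiles for a pinned, known-bad version of a package.

Added example; not code from Socket, Bitwarden, or the thread's participants.
The affected version (2026.4.0) is the one the linked report names. The npm
package name @bitwarden/cli and the sample lockfiles below are assumptions.
"""
import json

# package name -> versions the report calls compromised (assumed package name)
AFFECTED = {"@bitwarden/cli": {"2026.4.0"}}


def normalize(version):
    """Strip whitespace and a leading 'v' so 'v2026.4.0' matches '2026.4.0'."""
    return version.strip().lstrip("vV")


def _walk_v1(deps, prefix, hits):
    """lockfileVersion 1: nested 'dependencies' objects keyed by package name."""
    for name, info in (deps or {}).items():
        path = f"{prefix}node_modules/{name}"
        ver = normalize(info.get("version", ""))
        if ver in AFFECTED.get(name, set()):
            hits.append((path, ver))
        # transitive copies live under <path>/node_modules/...
        _walk_v1(info.get("dependencies"), path + "/", hits)


def find_affected(lock_text):
    """Return [(install path, version)] for every affected package in a lockfile."""
    lock = json.loads(lock_text)
    hits = []
    if lock.get("lockfileVersion", 1) >= 2:
        # v2/v3: flat 'packages' map keyed by install path; "" is the root project
        for path, info in lock.get("packages", {}).items():
            if not path:
                continue
            name = path.rsplit("node_modules/", 1)[-1]
            ver = normalize(info.get("version", ""))
            if ver in AFFECTED.get(name, set()):
                hits.append((path, ver))
    else:
        _walk_v1(lock.get("dependencies"), "", hits)
    return hits


# Constructed sample lockfiles (not real project data).
SAMPLE_V3 = json.dumps({
    "name": "example-app", "lockfileVersion": 3,
    "packages": {
        "": {"name": "example-app", "version": "1.0.0"},
        "node_modules/@bitwarden/cli": {"version": "2026.4.0"},
        "node_modules/left-pad": {"version": "1.3.0"},
    },
})
SAMPLE_V1 = json.dumps({
    "name": "example-app", "lockfileVersion": 1,
    "dependencies": {
        # the bad build pulled in transitively, with a 'v' prefix to exercise normalize()
        "some-tool": {"version": "0.1.0",
                      "dependencies": {"@bitwarden/cli": {"version": "v2026.4.0"}}},
        # a top-level copy on an unaffected version
        "@bitwarden/cli": {"version": "2026.3.0"},
    },
})

if __name__ == "__main__":
    for label, text in (("v3", SAMPLE_V3), ("v1", SAMPLE_V1)):
        print(label, find_affected(text) or "clean")
```

Point it at a real package-lock.json with `find_affected(open("package-lock.json").read())`; for a globally installed CLI, compare the output of `bw --version` against the same affected version. Note that a lockfile scan only tells you what is pinned, not what was installed from a cache or a vendored tarball.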

I was GONNA migrate to Bitwarden / Vaultwarden, but I guess not, now.

sigh

@Viss I’m using Bitwarden, fwiw, but not using the CLI.

You know better than I do that there is no perfect security. We look at the offerings, mull the pros and cons, and make a decision.

I think I remember a Security Now or GRC podcast many years ago, where they used an easy-to-remember algorithm that you could use to encode your passwords with a salt, then write the encoded version down in your notebook. Don't know if that would still hold up, though.

@FurryBeta Having a GitHub repo infected by an attacker isn't, like, a little oopsie.
@Viss You have a point, it's not. I guess what I'm trying and failing to say is, no matter what safeguards are put into place, people are always the weakest link. Any momentary lapse can have major consequences in our connected world. It's one thing if the safeguards were sloppy and lax from the get-go, there was a history of bad security, or a "well, we had all the boxes checked!" mentality. AFAIK, Bitwarden tries to be serious about security, but again, you'd know better.
@Viss If they have had a history of bad practices, please let me know and I'll switch to something else. I've gotten burned before by giving too much benefit of the doubt.
@FurryBeta If you haven't updated Bitwarden since after the commit with the espionage in it, that's probably a good sign. I'd hold off on updating it for several months at least, just to be on the safe side. But we now know that code in their codebase was corrupted by a nation-state attacker with the intention of stealing passwords.

@Viss I primarily use the browser extension for Firefox, and the iOS apps. They auto-update, so I need to look at what versions they are and whether they're affected.

Anymore, it seems like anything we get, we need to check not just once but several times before clicking any links, even if we're expecting a link. It's actually rather sad.