Submitted by glawgii t3_ztx9k5 in technology
sleepybrett t1_j1gh01r wrote
Reply to comment by justanemptyvoice in The Lastpass hack was worse than the company first reported by glawgii
Why is 1password any better? Any password manager that makes you use their 'cloud' can get fucked IMO.
I used 1password until they mandated their cloud product and stopped supporting local vaults. At least with a local vault if they got hacked, and a flaw was found then someone would have to get my vault as well. Nice defense in depth. But with my vault in their cloud it's a one stop fucking shop... fuck all of that.
maumay t1_j1hpzu3 wrote
Ultimately there is negligible risk if an attacker gets their hands on your encrypted data if it was encrypted correctly. Using something like Bitwarden, which is open source and regularly audited by external parties, gives you a pretty strong guarantee this is the case. Storing the vault in the cloud is much more convenient when needing to access passwords from multiple devices.
sleepybrett t1_j1i7o37 wrote
'if it was encrypted correctly.'
For me, there are just some things that I will trust a company to do for me by proxy, and some things I don't. Keeping my identity (if someone has all your passwords they can become, effectively, you) secure is one of those things that I'd rather do myself.
Convenience is the enemy of security.
maumay t1_j1n0kv2 wrote
Do you trust the correct implementation of TLS encryption when your credentials are sent over the internet? What difference is there with trusting the correct implementation of password encryption?
sleepybrett t1_j1n61mr wrote
I can verify the TLS implementation in my browser. I do not have access to 1password's client and server apps source code.
maumay t1_j1nc0xy wrote
Ok, like I mentioned, there are open source password managers like Bitwarden whose source code is regularly audited and which can be verified by anyone.
sleepybrett t1_j1ndo7s wrote
I currently use bitwarden because I can host my own backend for it.
Rudy69 t1_j1gl0l6 wrote
I was going to say they used to support Dropbox syncing when I used it. But admittedly it's been a while....and boy am I glad I don't use it anymore wow
> I used 1password until they mandated their cloud product and stopped supporting local vaults. At least with a local vault if they got hacked, and a flaw was found then someone would have to get my vault as well. Nice defense in depth. But with my vault in their cloud it's a one stop fucking shop... fuck all of that.