OppositeCode t1_j1gxe32 wrote

Yes, unless you are logged in, your vault won't be decrypted. I assume you mean something similar to this? https://bitwarden.com/help/uri-match-detection/ https://bitwarden.com/help/website-icons/

Correct me if I'm wrong, but I assume the website match should be done locally otherwise it would be encrypted. https://bitwarden.com/help/what-encryption-is-used/

Browser extensions are a weak point, but they also prevent everyday people from getting phished, as if the domain is not matching, you won't be able to fill in your information (since it won't show).

As always, if you don't trust the cloud you can either self-host or use a local password manager.


OppositeCode t1_j1g29qx wrote

Well, I personally trust my current password manager (Bitwarden). When you save your account to that password manager, it is supposed to be fully encrypted and uploaded to the cloud. This is so that if there is a breach, the hackers only have your encrypted information (essentially useless).

In the case of this LastPass hack, the URLs of accounts weren't encrypted while the rest of the usernames and passwords were. This can lead to phishing attacks attempting to gain access to that website's account.

There are also local password managers; however, I decided against them, as they are not convenient for my personal situation. I started with LastPass but switched to Bitwarden after they implemented their single device policy. As of now Bitwarden has not been breached. With the code being open source, the ability to self-host, and the developers being responsive & open to suggestions, it has earned my trust.


OppositeCode t1_j1g14xm wrote

From a privacy standpoint, you should change passwords (especially your master password). The hackers have the URLs for accounts of LastPass users (as they weren't encrypted). So it is recommended to change passwords for "important accounts" (emails, financials, etc.).

You can then slowly go through your other passwords and change them, like the next time you visit the site. Also, don't use LastPass any longer; if you want to keep using a cloud-based password manager, I recommend Bitwarden for free users.