More than $35 million has been stolen from over 150 victims since December — ‘nearly every victim’ was a LastPass user::Security experts believe some of the LastPass password vaults stolen during a security breach last year have now been cracked open following a string of cryptocurrency heists
Nearly every victim was a LastPass user.
But every victim was a cryptocurrency user.
I don’t understand saving your passwords to the cloud in the first place
It is like storing all the passwords in one convenient place that can be accessed from any location on the planet, making it the most convenient and juicy target for hackers.
Even encrypted, it just doesn’t make sense.
instead of using a password manager managed by a PRIVATE ENTITY people should start using bitwarden … its opensource, free and much more secure and reliable
Bitwarden, the host, is a private entity
Any obvious holes in keeping a text file on my laptop that I encrypt when not using it? Using ccrypt on linux.
I do not want my passwords - even encrypted - on the cloud or at the mercy of a 3rd party in any fashion.
Use KeePass.
My concern with using a text file is you have to defrost it to use it and whenever it’s not encrypted it’s potentially exposed. You are also vulnerable to keyloggers or clipboard captures
KeePass works entirely locally, no cloud. And it’s far more secure/functional than a text file.
I personally use KeePass, secured with a master password + YubiKey.
Then I sync the database between devices using SyncThing over a Tailscale network.
KeePass keeps the data secure at rest and transferring is always done P2P over SSL and always inside a WireGuard network so even on public networks it’s protected.
You could just as easily leave out the Tailscale/SyncThing and just manually transfer your database using hardware air-gapped solutions instead but I am confident in the security of this solution for myself. Even if the database was intercepted during transit it’s useless without the combined password/hardware key.
