Larion Studios forum stores your passwords in unhashed plaintext. Don’t use a password there that you’ve used anywhere else.
Larion Studios forum stores your passwords in unhashed plaintext. Don’t use a password there that you’ve used anywhere else.
I just wanted to drop a reminder that both LastPass and Norton LifeLock have been hacked within the past year alone.
KeePass is a thing that exists and is fantastic.
I just want to drop a reminder (to you specifically) that you don’t have to use a cloud-based password manager. Roll your own.
Good advice only for tech-savvy and people who are interested in self-hosting. There’s so many things that can go wrong like improper backups and accidental networking problems.
And here’s a reminder that trusting centralized service with high security access control is usually a bad idea.
I stay away from LastPass for the same reasons I stay away from TeamViewer. Security through obscurity on top of decoupling my security interests from others means other people being attacked is much less likely to cause me harm at the same time
Offline password managers like KeepassXC are a thing, plus self hosted remote storage like Nextcloud means you’re not worried about any third party interference
I use Pleasant Password Manager, which is keepass compatible. Big fan of offline cache with online sync for access anywhere with an internet connection on top of my phone offline
Use KeePassXC and you can’t get hacked
Well, you can. But you have to be PERSONALLY hacked. At which point you’re at a level of risk equal to “will my house burn and my notebook full of passwords get lost?”
And at least for LastPass no passwords were compromised. Saying they “were hacked” and leaving the extent of the hack out implies something worse IMO, it’s misleading. The safes themselves are E2E encrypted so they also don’t have your password.
That said, my vote is to Bitwarden as it’s open source and allows self hosting if you think you’re a more reliable admin than they are. Open plus more choice is always better.
This is true, but they have your encrypted vault, and all the technical data to make unlimited informed attempts at cracking it. If you used LastPass, you definitely need to be changing passwords for your critical services at a minimum.