Password managers don’t protect secrets if pwned
www.theregister.com
: Researchers demo weaknesses affecting some of the most popular options

cross-posted from: https://infosec.pub/post/42164102

Researchers demo weaknesses affecting some of the most popular options Academics say they found a series of flaws affecting three popular password managers, all of which claim to protect user credentials in the event that their servers are compromised.…

  • BeardededSquidward@lemmy.blahaj.zoneEnglish
    131·
    21 天前

    I’ll be honest, password managers are like the holy grail of desirable to breech. If you’re using one it will be constantly under attack. It being breeched or vulnerable shouldn’t be a surprise. There isn’t really a secure way to store large amounts of passwords that doesn’t have some vulnerability issues.

    • nieminen@lemmy.worldEnglish
      3·
      20 天前

      That’s why I liked password store, no servers, just my encrypted password files on my own computer, that I sync over to my other devices.

      Apparently it’s dying soon through, so I need an alternative.

      • vrighter@discuss.tchncs.deEnglish
        7·
        20 天前

        i use keepassxc for the offline database part, and syncthing to sync it (among other things) between all my devices

      • PodPerson@lemmy.zipEnglish
        2·
        20 天前

        I was enjoying 1Password until they went completely subscription, so I switched to Strongbox (based on Keepass) and it’s been pretty good. DB stored locally and I use my own tools to sync that vault to my other devices.