this post was submitted on 10 Oct 2024
324 points (99.7% liked)
Privacy
32442 readers
629 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Friendly reminder: If you haven't diversified your passwords yet, get a password manger and do it!
Its not an if someone gets hacks, its when.
I don't know if this hack included any user and password, but if it did, they will try the combo on other sites.
KeePassXC, works great but you are responsible for your own file and syncing it between devices. (I use syncthing, but a cloud drive is a viable sync method, its all encyptyed) (iOS options limited)
Bitwarden, great if you don't want to worry about the file and everything syncs on its own. (There is a self hosted version, if you prefer).
Avoid anything paid or tied to a major corporation, they have proven time and again they cn not be trusted to keep our data safe.
I’m using 1Password and have been happy using it. Any reason not to use it, aside from not being open source?
For something that literally holds all your credentials, just it being closed source should be enough of a concern.
You're trusting a third party to store, protect and not loose your passwords behind a vault you never see.
Google had messed up pretty bad a few months ago. Last pass has had issues. I'm unaware of 1pass having issues, but I don't exactly pay close attentions. https://www.keepersecurity.com/blog/2024/08/01/google-password-manager-loses-millions-of-passwords/
These days its not if something bad happens, its when and how bad.
Keeping your database private, also reduces the risk of random attacks a lot. If you're passwords aren't part of a big data leak, they can't use them. Hackers are after the big payouts or the easy payouts. They're less likely to spend a lot time trying to crack your one database, when they can move on to the next guy who keeps them all in a word doc.
If you do have reason to keep using 1pass for whatever reason, be it convince or lack of time to switch, I highly recommend at least getting your important (email, bank, etc) passwords duplicated to something like Keepass (back that file up too) so if/when 1pass ever looses your passwords, you at least have a solid starting point for recovery. Its also good way to familiarize/try out a few options with out dedicating to a full switch.
And if self hosting bitwarden seems tough, look at vaultwarden instead. It's a one-container all in one bitwarden-compatible container.
They only got salted hashes AFAIK. Still it is absolutely good advice to use a password manager.