• helpImTrappedOnline@lemmy.world
    link
    fedilink
    arrow-up
    0
    ·
    2 months ago

    Friendly reminder: If you haven’t diversified your passwords yet, get a password manger and do it!

    Its not an if someone gets hacks, its when.

    I don’t know if this hack included any user and password, but if it did, they will try the combo on other sites.


    KeePassXC, works great but you are responsible for your own file and syncing it between devices. (I use syncthing, but a cloud drive is a viable sync method, its all encyptyed) (iOS options limited)

    Bitwarden, great if you don’t want to worry about the file and everything syncs on its own. (There is a self hosted version, if you prefer).

    Avoid anything paid or tied to a major corporation, they have proven time and again they cn not be trusted to keep our data safe.

      • youmaynotknow@lemmy.ml
        link
        fedilink
        arrow-up
        0
        ·
        2 months ago

        For something that literally holds all your credentials, just it being closed source should be enough of a concern.

      • helpImTrappedOnline@lemmy.world
        link
        fedilink
        arrow-up
        0
        ·
        2 months ago

        You’re trusting a third party to store, protect and not loose your passwords behind a vault you never see.

        Google had messed up pretty bad a few months ago. Last pass has had issues. I’m unaware of 1pass having issues, but I don’t exactly pay close attentions. https://www.keepersecurity.com/blog/2024/08/01/google-password-manager-loses-millions-of-passwords/

        These days its not if something bad happens, its when and how bad.

        Keeping your database private, also reduces the risk of random attacks a lot. If you’re passwords aren’t part of a big data leak, they can’t use them. Hackers are after the big payouts or the easy payouts. They’re less likely to spend a lot time trying to crack your one database, when they can move on to the next guy who keeps them all in a word doc.


        If you do have reason to keep using 1pass for whatever reason, be it convince or lack of time to switch, I highly recommend at least getting your important (email, bank, etc) passwords duplicated to something like Keepass (back that file up too) so if/when 1pass ever looses your passwords, you at least have a solid starting point for recovery. Its also good way to familiarize/try out a few options with out dedicating to a full switch.

    • electric_nan@lemmy.ml
      link
      fedilink
      arrow-up
      0
      ·
      2 months ago

      They only got salted hashes AFAIK. Still it is absolutely good advice to use a password manager.

    • csm10495@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      0
      ·
      2 months ago

      And if self hosting bitwarden seems tough, look at vaultwarden instead. It’s a one-container all in one bitwarden-compatible container.