cross-posted from: https://infosec.pub/post/42164102
Researchers demo weaknesses affecting some of the most popular options

Academics say they found a series of flaws affecting three popular password managers, all of which claim to protect user credentials in the event that their servers are compromised.…
I appreciate the air of publicity this story brings.
You probably can’t trust your password manager if it’s compromised
In other headlines: water is surprisingly wet.
Yeah, the title is not that informative.
KeePassXC ftw
I always keep my keepass databases offline for good
Bitwarden offers offline also. And self hosting I believe.
IMO it's fine to sync them with Syncthing, as that’s end-to-end encrypted.
The vault is also encrypted so you are fine
I need to search for this KeePass. I read it in other comments, but I have never heard of it before.
KeePassXC is the way to go, IMO. It is wonderful. The password db is stored locally on your disk. It integrates nicely with Firefox and probably other browsers too. Open source, no spyware, “just works”.
It’s pretty good. I was using pass but KeePassXC is easier. It also handles passkeys well. Here it is on Windows: https://portableapps.com/apps/utilities/keepassxc-portable. For Linux, just search for it in the package manager. Not sure about Mac.
KeePassXC is also available for Mac.
In other news: water is wet.
I have used Pass for a few years. It has a wonderful package for Emacs, and great iOS apps with Face ID for ease of use, and the DB can sync to your own private git server behind Tailscale. If you have a server, I definitely suggest looking into it. You can check it out at https://www.passwordstore.org/






