FiloSottile 3 days ago

1Password truly doesn’t get enough credit for the choice to encrypt every vault with a high entropy secret key passed device to device. It surely costs them in UX and support load, but it would have made a breach like this essentially inconsequential.

  • aryonoco 3 days ago

    Bitwarden truly doesn’t get enough credit for being completely open source and having independent implementations of the server code (Vaultwarden) with which the official clients are fully compatible, which I can run on a vm on a server under my desk.

    In 50 years time, who knows if any of these companies will be around. But I’m pretty sure that my grandchildren, should they want to, will be able to open a gpg encrypted gzipped file (with the passphrase I’ll leave them) containing my passwords in a csv file.

    • ehnto 2 days ago

      I am fascinated by the idea of being 50 years from now, and doing digital archaeology more or less. So much of our actual output is now digital and stored digitally.

      Given how I have experienced technology up until this point, my assumption is that everything I will create for work or for pleasure, is more or less ephemeral. It has certainly proven true for work.

      • fauigerzigerk 2 days ago

        I think we (or our descendants) will be surprised by the longevity of some of the file formats in use today. I would wager that it will be possible and not too unusual for regular users to open files in formats like PDF, zip or jpeg 100 years after their inception.

        • whstl 2 days ago

          I've recently had to open some installer files from the mid-90s that were in a proprietary format (I forgot the name... Inno? InstallShield?) and was surprised to see that the current go-to solution is open source.

          As long as an open source (or at least open specification) exists, these files will remain openable. ...or at least until curious minds are able to crack them!

        • johnmaguire 2 days ago

          PDF - 1993, JPEG - 1992, ZIP - 1989.

          We're already 1/3 of the way there.

        • eru 2 days ago

          I'm not sure whether these file formats will still be in common use, but I'm fairly sure it will be trivial to find software that can read them.

          Just like it's fairly easy for us to even run software from 50 years ago thanks to emulation. As long as your software runs on a platform popular enough to have a good emulator. But for PDF and zip and jpeg reading software that will definitely be the case.

        • 317070 2 days ago

          You think we will still have files? I wager in the long term we're going more towards a people focused than paper focused system.

          • fauigerzigerk 2 days ago

            Yes I do think we will still have files (whatever they will be called) at some level for some purposes.

            I.e., we will still be able to store and transfer sequences of bytes conforming to some specification (file format), and we will be able to attach names to those blobs in some namespace. The concept is too general to ever lose its usefulness.

            There are a few key things I have learned in the third of a century that I've been working with data: Data lives longer than apps and longer than people. We will always need units of data that have their own life cycle and are reasonably self describing and self contained (i.e. meaningful without resolving external references).

          • criddell 2 days ago

            100 years after their inception isn’t very far from now. There are plenty of people here who will be alive in the 2080s.

            Everybody has a different idea of what long term means, but I think of it as millennia from now. The kind of time frame that the Long Now Foundation talks about.

      • klabb3 2 days ago

        I suspect you won’t be allowed to do archeology, because the company that bought the rights to it won’t let you. If we continue the path we’re on basically nothing will be owned by us or kept safe by us. Just look at the difference from the PC era to the smartphone era. It’s all cloud based now.

    • JumpCrisscross 3 days ago

      > Bitwarden truly doesn’t get enough credit for being completely open source

      It’s their No. 1 selling point.

      > In 50 years time, who knows if any of these companies will be around

      1Password has local clients. If you have the password, you should be able to unlock the vault locally.

      • TheDong 3 days ago

        Can you walk me through how to do this?

        I have installed the "1password-cli" package on my airgapped linux machine with no network access ('op --version' gives me 2.30.3).

        If I run 'op vault list', it tells me I have to add an account. When I run 'op account add' it tries to connect to 1password's servers and won't let me proceed without internet.

        I don't see how this "local client" is helping if all the auth infrastructure goes through their servers.

        • fiskfiskfisk 2 days ago

          There might be alternatives that are better designed for that use case these days; pass and KeePassXC are popular ones, depending on the interface you want (pass is made for the cli as the primary interface).

        • mercurial 3 days ago

          You need to authenticate once. You will get your vaults locally and you will be able to access them without an internet connection

          • rkagerer 2 days ago

            What does "You will get your vaults locally" mean?

            Is it possible to export as a file, take that with you on whatever medium (e.g. USB key, CD-ROM, future isolinear chip), put it on a brand new PC you built from scratch and never connected to the internet, and open it in some kind of standalone viewer?

            • aidos 2 days ago

              That’s how 1Password used to work. Not sure how much of that is still left in the system these days.

              Originally it was an app with no remote component. The vault was yours to look after. Most people kept it in Dropbox to make it accessible anywhere. The vault itself actually had an html file in it that you could open in a pinch that was able to decrypt secrets (only for reading, from memory).

              1Password as a service came later.

              • nytesky 2 days ago

                Actually, 1Password had local syncing where you synced the vaults between devices on a local connection (I think it was point to point WiFi, so your internet dropped off, Bluetooth was less common then). So it was bucket brigade syncing.

                Dropbox came later and security minded folks were wary. Honestly, I trust 1Password sync more than an encrypted db on a general purpose cloud file sync, but maybe that’s naive.

              • LoganDark 2 days ago

                Know of any archived copies of this offline-first experience or has it been fully eaten by enshittification?

            • 9x39 2 days ago

              After auth, it downloads a copy of your vaults to your device from their servers.

              Super contrived, but you could probably just copy the sqlite dbs of your vault it creates locally to another PC along with the 1Password installer and it might let you sign in with just your master key.

        • tmpfs 2 days ago

          Please try our solution[1]

          It's truly local first and will work fine in an airgapped situation.

          It's also designed to be self-hostable[2], is open source [3] and the API is well documented[4].

          [1] https://saveoursecrets.com/ [2] https://saveoursecrets.com/docs/cli/self-hosting/ [3] https://github.com/saveoursecrets/sdk [4] https://docs.rs/sos-sdk/latest/sos_sdk/

          • aryonoco 2 days ago

            The likelihood that someone would be able to do this in 50 years time, without your company still around? Close to zero.

            Passwords, even ssh keys and passkeys, are little pieces of plain text. If you think needing a specialised sdk or cli to retrieve plain text is a good software architecture, I think we see the world quite differently.

            • tmpfs 2 days ago

              That's the exact reason it's open source, so it would still be possible to access your data in such an event.

              We clearly see things differently but I think using computers to make our lives easier is worthwhile and storing/managing our secrets securely, effectively and conveniently is better managed by software than some ad-hoc setup.

              Nitpick, passkeys are not text, they are binary blobs.

      • harikb 3 days ago

        “1Password anywhere” (single html file password manager) stopped working a while ago. Maybe 6 years back. Sure you can install a new client and use a stored folder - but compatibility lasting to your grandchildren’s time / 50 years etc - highly unlikely

      • aryonoco 2 days ago

        Since I’m talking about reliable long term archival of critical encrypted data here, let me again ask: in your opinion, what is the likelihood that in 50 years time, with 1Password long gone, my grandchildren would be able to run that local 1Password client and successfully decrypt the data?

        Because I feel pretty confident that gpg will still be around (though hopefully long deprecated), that gzipped files would still be able to be opened, and everyone would still be able to open a csv file. Without any specialised software, sdk or whatnot.

        If this scenario doesn’t concern you, that’s fine, 20 years ago it wouldn’t have been my concern either. But the older I’ve become, the more I think about this stuff.
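The "open formats only" archive described in this comment and in the earlier one (CSV, gzipped, then gpg symmetric encryption), as an added example that is not aryonoco's own script. It round-trips constructed sample entries through the pipeline, checks that the file refuses a wrong passphrase, and reads back the cipher and KDF (S2K) parameters gpg recorded in the file, which is the check to run on an old archive before trusting it. It assumes GnuPG 2.x is installed and on PATH as `gpg`; the sample entries, the passphrase and the option choices are assumptions made for the example.

```python
"""Added example, not the commenter's own script: the open-formats-only
password archive from the thread (CSV -> gzip -> gpg --symmetric), with a
round-trip check and a look at the KDF parameters gpg stored in the file.
Assumes GnuPG 2.x is on PATH as `gpg`."""
import csv
import gzip
import io
import os
import subprocess
import tempfile

FIELDS = ["name", "url", "username", "password"]

# Constructed sample entries standing in for a password manager's CSV export.
SAMPLE_ENTRIES = [
    {"name": "Example Bank", "url": "https://bank.example",
     "username": "alice", "password": "correct horse battery staple"},
    {"name": "Mail", "url": "https://mail.example",
     "username": "alice@example.com", "password": "Tr0ub4dor&3"},
]

# Explicit, strong settings so the archive does not depend on whatever
# gpg.conf defaults the encrypting machine happened to have.
# S2K mode 3 = iterated and salted; 65011712 is the largest encodable count.
GPG_ENCRYPT_OPTS = ["--cipher-algo", "AES256", "--s2k-mode", "3",
                    "--s2k-digest-algo", "SHA512", "--s2k-count", "65011712"]

_GNUPGHOME = None


def _gpg(args, passphrase, check=True):
    """Run gpg non-interactively with the passphrase fed on stdin.
    A throwaway GNUPGHOME is used: symmetric encryption needs no keyring."""
    global _GNUPGHOME
    if _GNUPGHOME is None:
        _GNUPGHOME = tempfile.mkdtemp(prefix="gpg-archive-")  # mode 0700
    env = dict(os.environ, GNUPGHOME=_GNUPGHOME)
    cmd = ["gpg", "--batch", "--yes", "--quiet", "--pinentry-mode", "loopback",
           "--passphrase-fd", "0"] + args
    return subprocess.run(cmd, input=passphrase.encode("utf-8") + b"\n",
                          capture_output=True, env=env, check=check)


def entries_to_csv_gz(entries) -> bytes:
    """Plain CSV with a header row, then gzip: nothing a future reader needs a vendor for."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=FIELDS, lineterminator="\n")
    writer.writeheader()
    writer.writerows(entries)
    return gzip.compress(buf.getvalue().encode("utf-8"))


def csv_gz_to_entries(data: bytes) -> list:
    text = gzip.decompress(data).decode("utf-8")
    return list(csv.DictReader(io.StringIO(text)))


def encrypt_archive(entries, passphrase: str) -> bytes:
    """CSV -> gzip -> gpg --symmetric. Returns the OpenPGP blob (passwords.csv.gz.gpg)."""
    with tempfile.TemporaryDirectory() as tmp:
        src = os.path.join(tmp, "passwords.csv.gz")
        dst = src + ".gpg"
        with open(src, "wb") as f:
            f.write(entries_to_csv_gz(entries))
        _gpg(["--symmetric"] + GPG_ENCRYPT_OPTS + ["--output", dst, src], passphrase)
        with open(dst, "rb") as f:
            return f.read()


def decrypt_archive(blob: bytes, passphrase: str) -> list:
    """gpg --decrypt -> gunzip -> csv. Raises CalledProcessError on a wrong passphrase."""
    with tempfile.TemporaryDirectory() as tmp:
        src = os.path.join(tmp, "passwords.csv.gz.gpg")
        dst = os.path.join(tmp, "passwords.csv.gz")
        with open(src, "wb") as f:
            f.write(blob)
        _gpg(["--decrypt", "--output", dst, src], passphrase)
        with open(dst, "rb") as f:
            return csv_gz_to_entries(f.read())


def opens_with(blob: bytes, passphrase: str) -> bool:
    """True if the archive decrypts with this passphrase (gpg exits non-zero otherwise)."""
    try:
        decrypt_archive(blob, passphrase)
        return True
    except subprocess.CalledProcessError:
        return False


def describe_archive(blob: bytes, passphrase: str) -> str:
    """gpg --list-packets output: the symkey packet line shows the cipher and
    S2K settings actually used (cipher 9 = AES256, s2k 3 = iterated+salted,
    hash 10 = SHA512, plus the iteration count)."""
    with tempfile.TemporaryDirectory() as tmp:
        src = os.path.join(tmp, "archive.gpg")
        with open(src, "wb") as f:
            f.write(blob)
        proc = _gpg(["--list-packets", src], passphrase, check=False)
        return (proc.stdout.decode("utf-8", "replace")
                + proc.stderr.decode("utf-8", "replace"))


if __name__ == "__main__":
    blob = encrypt_archive(SAMPLE_ENTRIES, "passphrase left for the grandchildren")
    print(describe_archive(blob, "passphrase left for the grandchildren"))
    print(decrypt_archive(blob, "passphrase left for the grandchildren"))
```

The same file can be opened with nothing but `gpg --decrypt passwords.csv.gz.gpg | gunzip`, which is the point of the format choice; the `--list-packets` check is worth running on any archive that was made years ago with older defaults, since an archive encrypted with a low S2K count is only as strong as the passphrase guessing speed that count allows.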

        • Spooky23 2 days ago

          Close to zero. Archive is a different discipline. You need to have formats that are long lived and accessible over time. Paper is best, and it goes from there. Some electronic media archivists are fans of TIFF. It’s a field with controversy.

          Pick the formats you're storing and handle security at the container. This might be an encrypted system that is copied and updated over decades or a physical storage safe or box.

    • nytesky 2 days ago

      I back up somewhat similarly.

      Curious, how is Excel encryption? That may be a more approachable format than CSV GPG, and though technically the CSV GPG is simpler, it may be less familiar to users in 100 years. Excel will still be around ;)

    • serf 3 days ago

      >But I’m pretty sure that my grandchildren, should they want to, will be able to open a gpg encrypted gzipped file (with the passphrase I’ll leave them) containing my passwords in a csv file.

      technical possibilities aside, do you presume your grandchildren will be technically apt?

      I am pretty sure 99% of people would halt at 'gpg', and that's now -- not 60 years from now.

      • tbrownaw 3 days ago

        > I am pretty sure 99% of people would halt at 'gpg' , and that's now -- not 60 years from now.

        I know reading the docs is considered uncool for some reason, but it really does work.

        • OJFord 3 days ago

          To how many non-SWE members of your family could you say 'here is the Netflix password, you can decrypt it with gpg', and have them be like 'ah yes, let me just `man gpg` this will be no problem'?

          • darkwater 2 days ago

            They can just ask the super AGI that will exist to tell them how to do. Heck, even current LLMs can tell you how to do it step by step.

            • fc417fc802 2 days ago

              Cynically, it's far more likely they will upload the gpg blob to said agent, provide it with the password via the conversation box, and ask it to directly provide the specific information that they're after.

              The AI model will be of certified provenance and run on attested hardware [0] so this won't be as much of a security issue as you might expect. Naturally the various three letter agencies will have full hardware access including query history.

              Periodically, hardware zero days will drop and all hell will break loose.

              Alright that's enough speculative dystopian fiction for me for today.

              [0] https://news.ycombinator.com/item?id=42454139

          • tex0 3 days ago

            Probably zero. And strike the non-SWE part. gpg isn't really easy to use.

            • trueismywork 2 days ago

              Hence the need to invest in better open-source pgp tooling. It won't take more than 10 million USD and will benefit every single person on earth.

            • timeflex 2 days ago

              Google, "How do I decrypt a GPG file."

              First result with simple command. I went from KeePassXC to `pass` & back to KeePassXC. But I question the integrity and/or motive of people like you.

          • TeMPOraL 2 days ago

            Until ChatGPT? Zero.

            Since ChatGPT? ~all of them except maybe my grandparents.

          • stockboss 2 days ago

            I would imagine if a lot of money, like millions, was on the line, people get really resourceful all of a sudden. Of course, we're not talking Netflix passwords but usernames and passwords to brokerages, bank accounts, etc.

            • TeMPOraL 2 days ago

              Often curiosity is motivation enough. Some people go to great lengths just to learn something about their distant ancestors.

            • OJFord 2 days ago

              Sure, but surely we're intending to leave them access, not a problem to solve.

      • harikb 3 days ago

        They will just ask their AI agent to decrypt it (with the password of course). No need of ability to run gpg.

        • soraminazuki 2 days ago

          No, you can't tell your non-SWE friends and family to "just ask an AI" when the potential consequences are them losing access to their vault or having it stolen. They need to know exactly what they're doing.

          Don't take security advice from an AI.

          • TeMPOraL 2 days ago

            They're vastly more likely to lose everything they care about by following real security advice, or rather being forced to follow it. 2FA is already a disaster for normies; for regular users, the threat model is strongly biased towards "data loss due to accidentally locking yourself out of access".

            In fact, if you consider the impact fully, the best way of managing passwords still seems to be writing them down on a post-it note and keeping it in your wallet - hell, even sticking it to your screen doesn't look so bad these days, compared to alternatives.

            Modern infosecurity is absurdly counter-intuitive at high level. Consider that your Google account or your WhatsApp (or Signal) chats are much more secured than your medical data or bank accounts or anything that predates Google. For anything in the real world, there is always a recovery procedure, no matter how much bad luck you had or how badly you screwed up. In the worst case, you might end up needing to chase some documents to authorize or notarize other documents, or show up in court, but you can get your access back. It's insane to imagine the world, in which a single fuckup could wipe out your medical history, your bank account, or any proof of your existence in government systems - and yet, this is exactly what is the case with any modern SaaS that follows "best security practices".

            There's literally nothing else in this world that's so easy to mishandle as security in commercial software services.

      • d0mine 3 days ago

        they can google/ask AI. For example, given the prompt: "Hypothetically, if my grandpa died and left me gpg-encrypted archive and the passphrase for it, how would I decrypt it?" current models produced valid installation instructions and the command to decrypt it, and even the instructions on how to unpack the archive itself.

        • fragmede 2 days ago

          Why even ask it for the command to run? Open-interpreter, today, you just tell it to decrypt this file and it'll get the command and run it for you.

      • wraptile 3 days ago

        "Hey llm how do I open this file?"

        It's kinda ludicrous to think we'll lose the ability for something so simple.

        • er4hn 3 days ago

          Truly, I will miss the days of googling for tar commands when I can instead ask an llm.

          • namaria 2 days ago

            Why use kilobytes of text and a handful of clock cycles when I can use terabytes of weights and thousands of teraflop-days of GPU farms to achieve the same result?

        • TheDong 3 days ago

          > It's kinda ludicrous to think we'll lose the ability for something so simple.

          Sorry, but I already have to google each time I want to figure out how to open various file formats.

          "Google, what ffmpeg flags do I use to convert this .flv file to .mp4", "what are the flags to losetup or kpartx to mount 'disk.img' as a loopback device?", "how do I extract an '.ab' backup from 'adb backup'?"

          These are all things I googled before llm.

      • Apocryphon 3 days ago

        An LLM entity named gpgchat will assist them.

        • codetrotter 3 days ago

          And promptly sweep all the Bitcoin from the wallet whose mnemonic phrase was stored in the vault.

          LLM entities have bills to pay too.

      • notpushkin 3 days ago

        Chances are, at least one of them will be.

      • jwr 3 days ago

        > I am pretty sure 99% of people would halt at 'gpg'

        Please do not mock gpg.

        I have been using gpg for 25 years now (and PGP before that). It works. It encrypts. It decrypts.

        It is in vogue to mock gpg on HN and recommend more modern solutions. As an experiment, I tried adding one of those modern tools (rage) to my ansible configurations, just so that they get regularly installed and maintained on my servers (without actually being used). The setup broke within less than a year.

        Are the modern tools more cryptographically secure? Undoubtedly. Does it matter in practice for me? Not at all.

        Longevity is a big deal and is under-appreciated.

        • tharkun__ 3 days ago

          Not their point tho. Me too, gpg, no problem. Heck I had the "'smuggled' out of the country as a book" pgp back when.

          My kids? I really am not so sure at all. Still too early to tell for sure but so far I don't think any will be as technically savvy as I am. I really doubt they'd know what GPG (or PGP) are and how to use it.

          • guelo 3 days ago

            Presumably if you're leaving your kids an encrypted file with valuable stuff in it they won't be so illiterate that they can't figure out how to open it. Most people don't know gpg because they have no motivation to learn it not because they're incapable of learning it.

            • trw55 18 hours ago

              No motivation, sure. But do they even care? Most people just don't care about this stuff. You try to get them to care and they say, "yeah, okay, yeah, I know" as they roll their eyes and go back to scrolling Instagram or whatever.

              The apathy is real and I don't see it getting better.

    • nicolas_t 3 days ago

      It's such a pity that bitwarden's client doesn't work offline for modifying vaults (need to be online to be able to access the server implementation). I would switch from my old local vault 1password in an instant.

      • XorNot 3 days ago

        I just have KeePass in a syncthing folder with a trigger to sync on open.

        Technically I think I could drop the trigger if the desktop app would open by making a temporary file copy and syncing back (ironically Keepass2Android is very good at this).

      • infinitezest 2 days ago

        This is literally the only thing that's holding me back from switching as well.

    • noduerme 3 days ago

      I still rely on a gpg encrypted text file for storing my passwords, too. 25 years of that and it's second nature. No other solution has ever appealed to me.

      • ptk 3 days ago

        I’m autofilling usernames and passwords from 1Password’s browser extension probably 100+ times per workday. Are you manually copying and pasting anywhere near that amount? I think I would be miserable with that setup for anything beyond very light use.

    • notesinthefield 3 days ago

      Is bitwarden’s only differentiator being open source and self hostable? I'm looking at other services and thus far see no reason to leave 1Password.

      • MyOutfitIsVague 3 days ago

        That, and it's better in most functional and polish regards than LastPass. I haven't used 1Password, so I can't compare those two directly, but I'd strongly recommend BitWarden over LastPass as far as those two are considered.

        • selykg 2 days ago

          I have my own beef with 1Password, but having used both Bitwarden and 1Password, I still find 1Password to be the better UX and more secure solution. Bitwarden is also worse at filling with their browser extension, rather significantly. That said, 1Password's Safari support with multiple profiles is... frustrating... at best.

        • rafram 3 days ago

          1Password is also significantly more polished and easy to use than LastPass.

      • behringer 3 days ago

        is that not enough? It's also inexpensive and works very well on all platforms.

        • haswell 3 days ago

          Not OP, but UX also matters a lot.

          I’d strongly prefer an open source and selfhostable option, but each time I’ve evaluated Bitwarden in the past, it was a big enough downgrade from 1Password that I didn’t think switching was a good option.

          If the experience ever becomes as seamless, I’ll be switching.

          • bostik 3 days ago

            > Not OP, but UX also matters a lot.

            That is particularly true for anything dealing with security. I evaluated both BitWarden and 1Password when we wanted to migrate away from LastPass. My recommendation was to eventually go with BW. Its open-source nature was a factor, but for a corporate use the UX factors were even more prominent.

            Over the course of a month, I ran into several subtle footguns with 1P. Search included only some of the fields. Password reset/rotation flow was easy to mess up (thanks to the confusing + inconsistent "copy field" functionality) and get into a situation where the generated password that was stored in the vault was different from the one that was set: in my tests there was a 50/50 chance of accidentally regenerating the password before the vault storage step after submitting the new one for a remote service.

            There were a whole load of "features" that didn't make any sense. The UI for 1P was a real mess. The feeling I got from it was that their product had been captured by Product Managers[tm] desperate to justify their own existence by shipping ever more Features[tm] without considering the impact on the core functionality.

            BW's UI is by no means perfect, and their entry editing flow is far from ideal. But at least most of the actual usability snags in their browser extension have a common workaround: pop the BW overlay out from the browser, into a separate window. Their open-source nature and availability of independent implementations mean that there will be alternatives, should BW go down the same features-features-and-more-antifeatures hellhole in their race to eventually appease their VC backers.

            Less is more.

            • haswell 2 days ago

              When did you do this 1Password evaluation?

              Sounds like our experience with it could not be more different.

              > The UI for 1P was a real mess.

              In what way? You described how you feel about the UI, but I’m curious about actual specifics.

              It’s entirely possible that I’m just too accustomed to it because I’ve been using it for many years, but what you’re describing is how I felt about Bitwarden.

              I can completely see choosing BW in a corporate setting for a host of other reasons. But for me personally, the priority is a tool that gets out of my way and just works.

              The tool that has done that is 1P.

              > Less is more.

              That really depends. If less means that the password manager doesn’t get used, then less is less.

          • eknkc 3 days ago

            This. 1p is polished and easy to use. Bitwarden is as functional as 1P but janky.

            • matwood 3 days ago

              1P family sharing and 1P cli also work well.

              I check BW every so often but it always feels less polished UI wise. For all the complaints people had about 1P moving to electron, its UX is still the best out there.

              • TeMPOraL 2 days ago

                > family sharing

                Why would someone make a feature like this?

                I'm confused why some companies (including Amazon and Steam) insist on family features. The mental model behind this is more prescriptive than descriptive - it doesn't match to how users and their families function; rather, it insists on some activities to a) exist in family, and b) be not allowed outside of family.

                Or simply: how many people have actual family listed in their Steam / Amazon "family sharing"?

                • dahart 2 days ago

                  What do you mean about prescribing and insisting? I’m not sure I understand your questions about family sharing and the mental model.

                  I use family sharing with actual family for my Steam account and all video streaming services. Am I weird? The reason is because streaming services allow sharing under a single paid account, and my wife & kids don’t want to pay for separate accounts, and don’t want to have to authenticate separately on shared devices (TVs, game consoles, iPads, etc). Steam family sharing works across different Steam accounts, and sharing a single account doesn’t work, so Steam isn’t particularly relevant to the discussion of family sharing of passwords. Streaming accounts, on the other hand, all assume they’re being used by a whole family, and the main reason is because of shared devices; the family TV itself logged in. So, they all offer profiles under a single account. Netflix clarifies that family sharing means the people in a single household, maybe others are similar.

                  We use password family sharing as well. My wife and I share bank and credit card accounts. My wife needs my accounts sometimes to do certain things — you might be surprised how many banks do not offer joint accounts and still treat wives as second class citizens. We share the Netflix & Amazon accounts with the kids so they can use them. I pay for a 1Password family account and share it with my aging father who’s been losing passwords. These things are all pretty useful for me.

                  I guess you’re making me wonder why someone wouldn’t make a family sharing feature, when it solves real problems and users are asking for it?

                • aryonoco 2 days ago

                  I don’t have amazon or steam so don’t know how any of that works. But for a password manager, family sharing is extremely useful.

                  Bitwarden doesn’t have families per se, it’s got “organisations”. You can set up an unlimited number of organisations and users can get invited and join them. Which is very handy: for example my wife and I can log in and order our groceries from the supermarket using the same account. Or that we can both log in and use our electricity company’s web portal which only allows one account per household. All without needing to send each other passwords and updated passwords back and forth.

                  • TeMPOraL 2 days ago

                    I have nothing against sharing per se. My issue is with the family nomenclature. In your case it might align perfectly, but for myself and most people I know, it's not the case. That is, the set of people to share a Netflix subscription with, share Steam library with, share Kindle library with, share passwords to various web services, including utility companies, are only partially overlapping, and do not align perfectly with the idea of "family" or "household".

                    • trw55 18 hours ago

                      This seems pedantic. I am trying to wrap my head around why "family sharing" is an issue here. You want to share with someone, use family sharing I don't see what the issue is.

                    • aryonoco 2 days ago

                      Ah ok gotcha. Your issue is with the ‘family’ nomenclature not the functionality, and I fully agree with you.

                      For what it’s worth Bitwarden doesn’t use that term, they call it Organisation. Personally I feel like ‘Group’ is actually the better term.

                • quesera 2 days ago

                  I think "family" is just the humane, user-friendly, non-corporate word for "group" in this context.

                  • TeMPOraL 2 days ago

                    Yeah, but "group" is also a humane, user-friendly, non-corporate word for "group" and happens to not carry any confusing connotations.

                    • quesera 2 days ago

                      On the scale of humaneness, "family" will always score higher than "group".

                      But yeah, it's a content and positioning call for the product and marketing teams to make.

        • n8m8 3 days ago

          Their comment made me laugh, agreed, open source really is that big of a perk. IMO especially for something security-related (though 0day is always possible)

    • MartijnHols 2 days ago

      Proton Pass truly doesn’t get enough credit for being completely open source, more user friendly, and hosted outside the US (wouldn’t want to lose access to your vault [1]).

      [1]: https://berthub.eu/articles/posts/you-can-no-longer-base-you...

      • aryonoco 2 days ago

        Proton pass is a poor man’s attempt at a password manager, with horrible user experience (oh we thought just a browser extension was enough!) and random limitations to fit in with Proton’s tortured business model.

        I was a Protonmail founding member. I used and evangelised them for years until I realised that they are more interested in chasing the next shiny thing (hey we have a crypto wallet now!) instead of fixing longstanding bugs and performance issues in their mail client.

        As for hosted outside the US, I’m pretty sure the Vaultwarden instance running under my desk is also hosted outside the US (unless I’ve somehow been magically transported to the US). Plus, I get to physically lock the door when I leave the house and my cat usually sleeps on top of the server which adds a level of furry protection which proton pass could never achieve.

        • MartijnHols 2 days ago

          Oh, impressive how browser extensions can live outside of browsers now. And on mobile too!

          After having used Bitwarden for more than 4 years, I only switched last week, so I'm still in the honeymoon phase. But it has everything I used in Bitwarden and more, most notably all the usability features that I was missing in Bitwarden.

      • shaky-carrousel 2 days ago

        How can I self host proton pass? I'm searching for the server source code and I can't find it. Should be available if it's completely open source.

        • MartijnHols 2 days ago

          Don't think you can self-host it, but that would also pretty much defeat the user-friendly aspect. You don't need the server source if the vault is client-side encrypted, besides you would get zero guarantees that what they show and what they're actually running are the same thing.

          • juped 2 days ago

            Well, Bitwarden is actually completely open source. So I can use the server code. It's pretty great!

  • alwayslikethis 2 days ago

    Wouldn't it also make you lose everything in a recovery scenario? If all your computers are lost in a fire or flood, you would lose the recovery key, and having your password would not be enough to recover your database. I use keepassxc with a somewhat long password with a high PBKDF iterations count, which would not require having any devices in the event of a loss.

    • aborsy 2 days ago

      Losing everything if you don’t have a key is part of the appeal.

    • al_borland 2 days ago

      There is an option to print out recovery info. A sheet with a QR code and a space for you to write your password (or not, if you don't trust keeping those 2 things in one place). That paper can go in a safe deposit box, with a trusted family member / friend, or in some cloud service you'd still have access to. The QR code + your password allow for recovery.

    • iav 2 days ago

      Except for crypto, losing your passwords is annoying but not irreversible

      • Sayrus 2 days ago

        Depending on your usage, losing your password can be irreversible. That'd lock you out of your encrypted email and storage and will take you months to recover your account on some platforms.

    • ksenzee 2 days ago

      Your phone also has the recovery key. Having a copy on your person does lessen the chance of losing all your copies at once.

    • choo-t 2 days ago

      Having one of your backups off-site will prevent its loss during a fire/flood scenario.

  • 3np 3 days ago

    That's table stakes today. LastPass was not up to standards.

taikahessu 2 days ago

Lastpass downplayed the breach and it turned out they had not properly encrypted data like the notes section. They should have been sued to oblivion, but they were able to weasel out of responsibility, so far.

Lastpass had one job and failed it. Unforgivable that they knew their users' master passwords are not secure enough, but chose not to be vocal or proactive about it.

If you're using Lastpass right now, move to more trustworthy options like 1Password, Bitwarden or Keepass. Do it today. And change all passwords that are meaningful to you.

  • mock-possum 2 days ago

    I swapped to BitWarden a few years back and there was almost no friction - export from LastPass, import to BitWarden, get used to the inevitable handful of UI quirks, and you’re good to go.

  • serkanh 2 days ago

    I have been using 1Password for the last several years and am quite happy with them, except for the fact that they basically forced users to use their cloud offering with subscription as opposed to free iCloud storage after 1Password version 7.

    • jonpurdy 2 days ago

      Highly recommend Strongbox. The underlying DBs are KeePass DBs and can be stored anywhere as well as opened with any KeePass client, with a UI even better than 1Password (you can have columns for every field) as well as passkey support + export/import (even before the official method came out because they believe in you owning your own data).

      I love it because Strongbox also has its own cloud feature (optional) that is just a hosted KeePass DB which makes it easy to have a shared DB with my partner.

      The only downside for me: there isn’t a universal search that searches all DBs for credentials. So if you are in a browser and trying to autofill, you need to select the DB you want it to populate from.

    • pier25 2 days ago

      > except for the fact that they basically forced users to use their cloud offering

      Yeah that's when I left 1P after having bought hundreds of dollars of licenses for myself and my family (for multiple OS).

      The other big thing was self hosting the vault. You used to be able to sync the vault with Dropbox and access it from a browser but at some point Dropbox killed public folders. It would have cost 1P pennies to store the vaults of paying customers in S3 buckets. Instead they decided to use that as leverage to force people into subscriptions.

      Very happy with Bitwarden now.

      • savolai 2 days ago

        Does bitwarden when importing support all data types of 1p ie file attachments and various fields of various entry types?

        • packtreefly 2 days ago

          No. I used both of them when migrating from LastPass, and found that Bitwarden only supports four or five types of entries, which ultimately drove me away from the product.

          The rich entry types from 1P and LP are nearly all converted to Notes in Bitwarden. Great product otherwise.

    • jorvi 2 days ago

      With the way Apple is going in the UK, I'd rather give 1Password the keys to the kingdom.

      Their whole raison d'etre is protecting your passwords. If they start selling people out, their business implodes.

      They also keep adding thoughtful tweaks and new features. A couple years back I thought I'd give it a few years and then hop from 1Password to Bitwarden. But Bitwarden's UI and UX are still subpar (doesn't even support drag 'n drop..)*. All Bitwarden does is invest in enterprise features, which means jack for the average user.

      *dragging items from one vault to another, not a hugely important feature, but Bitwarden has a thousand of these kinds of paper cuts compared to 1Password

      • gruez 2 days ago

        > With the way Apple is going in the UK, I'd rather give 1Password the keys to the kingdom.

        What should Apple have done? Defy the government's order? Shut down entirely? They're already fighting it in court.

        • johnmaguire 2 days ago

          They didn't criticize Apple, they said they wouldn't trust them with their keys because of the UK's request.

    • bognition 2 days ago

      Yes it’s annoying but it also means increased revenue which enables them to invest more in the product.

      The new features released since I bought version 6 have me more than satisfied.

      Also using a password manager is one of the most effective things you can do to protect yourself and paying a few bucks a month seems like a steal.

    • rmellow 2 days ago

      Yes, they felt very pushy with this & other tactics to get me to use new features.

      That creates distrust in me, so I swapped to BitWarden and haven't looked back.

  • aborsy 2 days ago

    1password is a good choice.

creddit 3 days ago

I'm a bit confused on how the LastPass hack enabled the loss of passwords. I assume it works the way that I understand 1Password to work which should mean this would still be very difficult to impossible to do. Can anyone explain what I'm wrong about in terms of how the password managers work or how LastPass works differently?

So the way that I understand 1Password to work is that the decryption key is split in two: the user's single password + a secret key. You need both to decrypt the vault. The secret key is, again according to my understanding, generated randomly and is like 128bits? Once 1Password generates it and sends it to you (maybe they don't even send it and it is generated locally, I don't know), they never see it again. Thus, even if your vault were stolen, the thieves would need to crack your password (very likely not that secure) but also the 128 bit secret key so you would have a minimum of 128bit security which seems fine?

What's different about LastPass? Were the secret keys stolen somehow too? Were the targets of the stolen vaults then hit with further attacks to extract the secret keys? Does LastPass not use a similar structure as 1Password? Or am I actually not as safe as I thought using 1Password?

  • semicolon_storm 3 days ago

    Adding on to what others have said, LastPass stored vault "metadata" unencrypted. Metadata included things like the URL. This allowed the attackers to prioritize cracking vaults of higher value.

    See a vault with just a facebook.com and google.com login? Skip it. See a vault with coinbase and 10 other crypto sites in it? Spend a few thousand trying to crack it.

    Source: https://github.com/cfbao/lastpass-vault-parser/wiki/LastPass...

  • colechristensen 3 days ago

    I was under the impression that basically lastpass knew your password, 1password does not. Lastpass owned the whole key. With enterprise organizations though we can still reset a users password if they forget so 1password might “know” your password too. Maybe older versions or individual versions are more secure.

    • dathery 3 days ago

      It would probably be more accurate to say that LastPass has the information to decrypt your vault if they can guess your password. By contrast 1Password would need to both guess your password and guess your personal secret key. The latter is effectively impossible assuming the key generation was well-implemented. The trade-off is that users must keep track of their own secret keys.

      • Everdred2dx 3 days ago

        How does that work with sharing vaults between devices?

        • pigbearpig 3 days ago

          You have to provide the secret key to each device on initial setup. After that, you just need your password.

          • HeatrayEnjoyer 3 days ago

            What if you're in a foreign location and your devices are all stolen or lost?

            • 9x39 2 days ago

              You'd have to contact someone to get the secret key from your 1Pass emergency kit, wherever you stored it. That is, unless you can memorize long strings of numbers really well.

            • soraminazuki 2 days ago

              Then you have a much bigger and immediate problem at hand.

              • HeatrayEnjoyer 2 days ago

                What do you mean?

                There's a tourist experiencing this scenario probably every minute.

                • swat535 2 days ago

                  This is why 1Password provides an emergency kit where you can record your secret key and store it securely.

                  How you choose to safeguard it depends on your preferences and your "threat level".

                  For example, you can keep it in a bank vault or print multiple copies to store it under your pillow, taking a picture, or save it in your email, etc.

              • TeMPOraL 2 days ago

                Not really. The biggest, most immediate and most threatening problem in this scenario, is inability to access your passwords, and therefore inability to use banking and means of electronics communication.

      • panick21_ 3 days ago

        What if in lastpass you have 2FA?

        • TingPing 3 days ago

          2FA has nothing to do with the encryption, if that data is leaked.

          • panick21_ 3 days ago

            My understanding is some of the key strength was too low. If 2FA increases the key strength, that should have an impact, no?

            • MyOutfitIsVague 3 days ago

              2FA does not increase the key strength. The key is solely derived from the password. 2FA limits access to somebody who already has the password to get in. The LastPass leak was of a backup, though, for which 2FA does nothing.

              • panick21_ 2 days ago

                I see, that's unfortunate.

JadoJodo 3 days ago

I switched away from LastPass after the 2nd major security breach sometime around 2013. Wikipedia only shows 3 total incidents, but I know I've seen reporting on _at least_ 5 between 2010 and today. In that time, I've continued to run into its use at companies, and it's honestly surprised me each time. Something something fool me 5x…

  • yard2010 2 days ago

    How come this is legal? By now this is a business practice. Why would the government close down a restaurant after food poisoning but do nothing here? This is much worse, considering all this money goes to the axis countries?

    • JadoJodo a day ago

      I don't think there's anything illegal about being terrible at your job (information security), but I do think it's a tragedy that LastPass has somehow avoided the public shaming they so desperately deserve for their repeated ineptitude.

CaffeineLD50 3 days ago

LastPass understandably finds there to be no evidence linking the two. Uhm, OK.

But what's also hard to believe is that people storing millions of dollars of "collectables" would not change their passwords on at least a yearly basis.

I know that password rotation for its own sake is no longer best practice, but in this case it still seems quite prudent. No?

  • koolba 3 days ago

    You can’t change the seed phrase for a derived wallet. You’d have to create a new one and transfer the assets.

    • allset_ 3 days ago

      Which you should absolutely do when the company storing your seed phrase gets hacked.

    • yieldcrv 3 days ago

      glad to see the crypto discussion here getting more nuanced and technical

chinathrow 3 days ago

Me, looking at my local KeepassXC, calm, sticking with it.

  • makeitdouble 3 days ago

    This is the kind of control that is really becoming a luxury.

    And I don't know how we get back to a simple state. Let's say you're a family of three with shared services and accounts:

    Keeping everything under Keepass means handling the file sync between all the devices and OSes, with potentially your credentials flying through third party sync services, thus negating most of the advantages of Keepass.

    Moving to something like a self-hosted Bitwarden instance should be the way, but then one member of the family becomes a dedicated lifetime sysop making sure that instance is secure while being accessible anytime from everywhere.

    • TheDong 3 days ago

      It shouldn't be a luxury, but it unfortunately is due to various big players refusing to play nice together.

      If everyone has only apple devices (iphones + macbooks), then you can use a shared iCloud sync'd folder.

      Except that doesn't actually work because the majority of iOS apps are incapable of using a shared iCloud folder correctly (including apple's notes app, most of apple's apps) because apple tries to hide the filesystem so much, that even saving a file into a folder is basically impossible for most apps.

      That also doesn't work if anyone uses linux or windows because apple refuses to play nice with other ecosystems.

      If everyone _doesn't_ use iOS devices, there are dozens of solutions that work well, from a shared google drive folder, to syncthing, but if even one person uses an iOS device, then suddenly none of the shared folders work, because apple has made it so creating a shared folder on iOS is bad for iCloud, but even worse for any third party app (be it google drive, syncthing, an FTP based solution, etc etc).

      I guess what I'm saying is that apple tried to kill the filesystem, and in doing so has made it so the very idea of just sharing a folder of files securely seems like a per-app luxury.

      Instead you need a shared photo album for photos, a shared notes folder for notes, a shared "apple invites invite" for a calendar event, etc etc. Apple has a lot to pay for, and a hatred for folders that has caused the entire industry to move away from simple secure app-independent sharing is one of them.

      Instead, we have a jumble of apps being forced to implement their own sharing concepts poorly and often insecurely.

      • TeMPOraL 2 days ago

        FWIW, Apple has had at least two partners in crime here - both Google and Microsoft had, and still are, trying to kill the filesystem in this way, too.

        The trio mostly succeeded, which is a big part of why modern computing sucks so badly, and is more confusing for non-tech people than what came before, rather than less.

    • alwayslikethis 2 days ago

      Syncthing works great for this if you have an always on computer. If you don't you can use a server and add it as an untrusted recipient if you have to, though I would not bother since the database is encrypted with your password anyways, and is not vulnerable if you never reuse your db password and there is enough entropy.

      • myself248 2 days ago

        And you can use keyfiles that you sneakernet between devices at setup time, so those are never exposed to the syncthing shared folder. I don't think this adds much security since presumably if someone can compromise your syncthing secrets, they could probably grab your keyfile too, but in the event of a syncthing vuln that doesn't lead to other filesystem access, it might help.

    • noAnswer 2 days ago

      I would argue that there is no need to sync all accounts between all devices all the time.

      • makeitdouble 2 days ago

        We're holding it wrong?

        The whole point of a password manager is to be reliable when shit hits the fan. If my phone dies I want every change to be available to the other synced devices, especially when it has been away from home for a while (losing newly created accounts or passwords during a trip is just miserable).

        • noAnswer 2 days ago

          We're holding it differently.

          My phone doesn't have my main password safe. I don't trust that thing. If a stupid app decides to log me out, I can't login until I'm back home. I never created an account "on the go", but I had to do a password reset once. I will use a standard password until I'm back and change it to a randomly created one. I can't even login to my bank without a special token device. I don't have that with me either.

          A different life is possible. That's all I'm saying.

          • makeitdouble 2 days ago

            Understandable.

            I'm in an area where my phone might suddenly outlive my house, so we have very different life choices indeed.

    • lotsofpulp 3 days ago

      I use Strongbox + iCloud Drive + KeepassXC.

      • makeitdouble 2 days ago

        As TheDong points out in the other comment, I also had Keepass working well when absolutely everything in the house was Apple.

        It went down the drain when I switched to android and the kid to a Chromebook.

        This is the proverbial strategy tax working out, where the strong ecosystem play is biting us hard enough. Moving to Windows+WSL actually made my life easier, even as the other members still have some Apple devices.

  • selecsosi 3 days ago

    They can pry my offline key file from my cold dead hard drive. Some things shouldn't be on the internet.

    • rcMgD2BwE72F 3 days ago

      How do you make sure that file does not end up corrupt?

      • aspbee555 3 days ago

        copies and replication

        I have used Keepass since before lastpass existed and sync with multiple machines/locations via syncthing (originally synced with rsync)

        • selecsosi 3 days ago

          This. I have enough devices under frequent use of the keyfile that the chance of each of them being corrupt is extremely unlikely (n>=3 at any given time).

          That being said, not an approach useful for all and a good mental model and sharing system with redundant copies on flash media / live systems/ mobile devices can be an effective strategy.

          Use case: 10+ year keepass user, never lost a credential or had one compromised that affected more than one account due to breach. Thank you Keepass devs!

      • mulmen 3 days ago

        So what if it does? Worst case you just go through the account recovery process at each institution. Password managers are a convenience. Data integrity isn’t critical but security is.

        • fn-mote 3 days ago

          > Worst case you just go through the account recovery process at each institution

          Well, worst case is your account with Google, which you can kiss goodbye.

          But as we all know, that’s security. If the account recovery is the weakest link, it gets attacked.

          • TeMPOraL 2 days ago

            That's the insanity of cybersecurity.

            In the real world, there's always a recovery procedure. It might involve visiting a court or some local administrative offices, but you can always recover access to anything that's important.

            Not so with Google, or other on-line services that came from the tech industry side. Cybersecurity "best practices" are basically giving you a razor blade, and kicking you out if you hurt yourself with it.

      • sedatk 3 days ago

        More importantly, how do cloud providers make sure of that?

        • myself248 2 days ago

          Why does my USB stick in a fire safe care what cloud providers think?

      • some_furry 3 days ago

        Redundant encrypted backups, error-correcting codes.

    • sneak 3 days ago

      Your hard drive is connected to the internet.

  • blackeyeblitzar 3 days ago

    How do you sync it between devices like your phone? What about family sharing or access for emergencies or other such features?

    • mmwelt 3 days ago

      SyncThing[1] works very well for syncing with Android devices, but IIRC doesn't work with iOS.

      [1] https://syncthing.net/

      • JackMorgan 3 days ago

        I managed to get syncthing working on iOS. It's definitely possible

    • chinathrow 2 days ago

      Actually I don't use it on my phone, at all. Another thing to care less about.

QuiDortDine 3 days ago

Stick your passwords in the cloud, they said, nothing could go wrong they said.

  • CaffeineLD50 3 days ago

    Lol. I heard someone say that the cloud was just someone else's data center behind an API, but did people listen? Nope.

    • yieldcrv 3 days ago

      someone else’s computer

sciens3_ 3 days ago

Centralizing everyone’s credentials after all these years still seems like the most risky idea ever. The only thing possibly more attractive to a hacker would be free sex and drugs, but only for a little while, and then they’d go back to trying to steal everyone’s credentials.

Some other targets: everyone’s PII, info on friends, family, pets, answers to security questions, mobile IDs, PIN numbers, account numbers, signatures, photos, fingerprints, voice patterns, facial and retinal scans, gaits, DNA, mitochondrial RNA.

  • n8m8 3 days ago

    I have similar gripes, but I still feel like on balance, randomizing passwords across accounts is more important. Selfhost vaultwarden ftw (or not — don’t f*ck it up)

    • sciens3_ 3 days ago

      > Selfhost vaultwarden ftw (or not — don’t f*ck it up)

      Right. Randomizing passwords doesn’t require centralization.

      • namaria 2 days ago

        Truly the chain of decisions that got us here is baffling.

        "Use random high entropy passwords for each account"

        good

        "Store them encrypted"

        great

        "In a computer publicly available on the internet"

        wat

        "Under an account that also handles your 2fa tokens"

        c'mon now!

        • commandersaki 2 days ago

          If you do e2ee correctly this is a non-issue. See 1Password for one way to do it right.

          • namaria 2 days ago
            • commandersaki 2 days ago

              How is any of this a threat to 1Password E2EE?

              The point is if they even have access to my encrypted data, they wouldn't be able to access the plaintext without the key (and yes the passphrase is not sufficient).

              This is just lazy scaremongering.

              • namaria 2 days ago

                The point you're trying to make is a trivial one: in the absence of errors, there are no problems.

                LastPass e2ee was never the problem in the original story either.

                • commandersaki 2 days ago

                  You are wrong, the article posted said the heists happened because of both a breach and cracking master passwords. LastPass E2EE relied on keys from the master password using a password hash that had a low iteration count. Therefore low entropy passphrases could easily be cracked. Furthermore not all data was encrypted. This is all a weakness of their E2EE. 1Password uses both PAKE for remote authentication and a high entropy key (128-bit) and therefore doesn't solely rely on a master password. There is an actual difference.

                  Of those links you posted, two of them could've equally affected a password manager that was local. All password managers can be subverted by external threats whether using cloud storage or not.

                  My point is, properly implemented E2EE (hopefully vetted by cryptographers) is marginally different to a password manager using local storage. Sure having it cloud hosted can affect more than one user, but attacking the ciphertext data would be infeasible.

                  • rm_-rf_root 2 days ago

                    > attacking the ciphertext data would be infeasible

                    If insufficiently protected, any attack surface may be compromised. It’s just a matter of time, resources, and will.

                    “The only winning move is not to play.”

                    • commandersaki 2 days ago

                      I don't know what you mean by insufficient protection, but as I said, a proper E2EE implementation provides sufficient protection. A symmetric encryption scheme that satisfies IND-CCA2 with a high entropy key is infeasible to decrypt without knowledge of the key. These are well understood basics of cryptography. LastPass failed at the high entropy key part / slow password hash, but also leaked metadata in plaintext. Pretty much all other password managers don't have this issue, both local and cloud based.
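As an added example (not code from 1Password, LastPass or any commenter here), the following toy model contrasts the two derivation schemes discussed in this thread: a vault key derived solely from the master password, as creddit and commandersaki describe for LastPass, versus one that also mixes in a random 128-bit secret key held only on the user's devices. The function names, the HMAC-based expansion of the secret key and the XOR combination are this example's own assumptions, not any vendor's actual algorithm; the sample password, salt and wordlist are constructed.

```python
# Added example: toy model of password-only vs two-secret vault key derivation.
# Not a vendor's real algorithm; names and construction are assumptions.
import hashlib
import hmac
import secrets
from typing import Iterable, Optional, Tuple

KEY_LEN = 32  # bytes: a 256-bit vault encryption key


def derive_password_only_key(password: str, salt: bytes, iterations: int) -> bytes:
    """Key derived solely from the master password (the scheme the thread
    attributes to LastPass). Its strength is bounded by the password's entropy
    and by how slow PBKDF2 is made via the iteration count."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, KEY_LEN)


def expand_secret_key(secret_key: bytes, salt: bytes) -> bytes:
    """Stretch a random 128-bit secret key to KEY_LEN bytes.
    HMAC-SHA256 stands in for a proper HKDF here (assumption of this example)."""
    return hmac.new(secret_key, salt + b"secret-key-expansion", hashlib.sha256).digest()


def derive_two_secret_key(password: str, secret_key: bytes, salt: bytes, iterations: int) -> bytes:
    """Key that requires BOTH the master password and the device-held secret key.
    XOR-ing the stretched password with the expanded random secret means a
    correct password guess alone yields nothing usable without the secret."""
    pw_part = derive_password_only_key(password, salt, iterations)
    sk_part = expand_secret_key(secret_key, salt)
    return bytes(a ^ b for a, b in zip(pw_part, sk_part))


def key_check_value(vault_key: bytes) -> bytes:
    """Value stored next to the ciphertext so a client can confirm it derived
    the right key; it plays the role of the auth tag a real AEAD would give."""
    return hmac.new(vault_key, b"vault-key-check", hashlib.sha256).digest()


def offline_password_guess(wordlist: Iterable[str], salt: bytes, iterations: int,
                           kcv: bytes) -> Tuple[Optional[str], int]:
    """Model what someone holding a stolen vault backup can do: try passwords
    offline, where 2FA does not apply. Only the password-only derivation is
    available to them, because they hold no secret key.
    Returns (recovered_password_or_None, number_of_guesses_made)."""
    guesses = 0
    for guess in wordlist:
        guesses += 1
        candidate = derive_password_only_key(guess, salt, iterations)
        if hmac.compare_digest(key_check_value(candidate), kcv):
            return guess, guesses
    return None, guesses


def pbkdf2_work(guesses: int, iterations: int) -> int:
    """Rough cost estimate: PBKDF2 iterations an attacker must compute for a
    given number of guesses. Raising the iteration count raises this linearly;
    adding a 128-bit secret makes password guessing pointless altogether."""
    return guesses * iterations


def demo(iterations: int = 1000) -> Tuple[Tuple[Optional[str], int], Tuple[Optional[str], int]]:
    """Run the offline-guess model against both schemes on constructed data."""
    # Constructed sample data, not real credentials.
    salt = b"constructed-salt-0001"
    master_password = "correct horse"
    secret_key = secrets.token_bytes(16)  # 128-bit, generated client-side, never sent to the server
    wordlist = ["password", "letmein", "hunter2", "correct horse", "tr0ub4dor&3"]

    kcv_pw_only = key_check_value(derive_password_only_key(master_password, salt, iterations))
    kcv_two_secret = key_check_value(derive_two_secret_key(master_password, secret_key, salt, iterations))

    # Password-only: the weak master password falls on the fourth guess.
    pw_only_result = offline_password_guess(wordlist, salt, iterations, kcv_pw_only)
    # Two-secret: the same guess list exhausts without a match.
    two_secret_result = offline_password_guess(wordlist, salt, iterations, kcv_two_secret)
    return pw_only_result, two_secret_result


if __name__ == "__main__":
    pw_only, two_secret = demo()
    print("password-only scheme :", pw_only)
    print("two-secret scheme    :", two_secret)
    print("work at 1,000 iterations for 1e6 guesses:", pbkdf2_work(10**6, 1000))
    print("work at 600,000 iterations for 1e6 guesses:", pbkdf2_work(10**6, 600_000))
```

The iteration counts in the final two lines are illustrative values chosen for this example, not the counts any product actually used.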

naet 3 days ago

What do security minded people do about passwords? It seems like you either use the same password for everything, or you need some kind of password manager, but then I'm always worried about having all my passwords in one place meaning they all get compromised instead of just one.

It also feels like there's a convenience tradeoff with a lot of solutions. I could keep a physical binder full of passwords in my home office but that would be a pain to look up and enter things every time (and a big risk for anyone with physical access to my place).

  • itscrush 3 days ago

    Bitwarden for usability. Vaultwarden if you can and prefer to self host. Being on the internet you'll have to trust someone at some point. Can reduce risk by combining strong 2FA (not SMS/Email) alongside backing up your vault.

    Ensure all your passwords get reset at some point after vaulting, long randomly generated from Bitwarden extension/app is easy enough. Ensure you enable strong 2FA at each service you have an account at too.

    https://bitwarden.com/help/setup-two-step-login/ https://bitwarden.com/resources/guide-how-to-create-and-stor...

  • briHass 3 days ago

    Passkeys tied to actual hardware, like the TPM-based solution in Windows Hello, whenever possible, Keepass where not.

    Keepass DB cloud synced, but the passkey file I use in conjunction with a p/w to open it never leaves the machine(s) it's on. Also, key file needs Admin rights to read, so KP is run privileged, which also protects its process memory space from user-land snooping.

    • loufe 2 days ago

      Even better than the TPM in Windows is a hardware FIDO2 or OTP key, I'd imagine. Those cannot be compromised by a virus on your PC in the same way, assuming you don't leave the key in at all times and you only tap the button when explicitly logging into something that would require it.

      • briHass 19 hours ago

        The TPM is resistant to attacks as well. It requires presence by entering the PIN.

  • 725686 3 days ago

    I use a simple algorithm. So you don't actually remember the password, but the algorithm to produce the password for the site or service. Not perfect, but each password turns out to be unique (mostly). I don't know what experts think about that, but it has worked fine for me.

    • joshstrange 3 days ago

      The problems with this method are numerous:

      * If 1 to N password(s) leak the pattern may be obvious leading to your other accounts being compromised

      * Not all sites have the same password “rules” so there is no algorithm that works for all passwords without you being aware of the rules of the given site. Rules that you only (may) have access to at signup time.

      * Typing passwords out manually sucks (slow and error prone)

      • maeil 3 days ago

        Numerous is greatly overstated.

        1) only matters if you're a very high value target who is being manually targeted. Doesn't apply to 99.999% of people, who only need to worry about credential stuffing and brute force.

        2) Similarly, it's not hard to come up with an algorithm that satisfies 99.9% of websites.

        3) To a lot of people, managing a password manager sucks.

        I personally do use a password manager and automatically generated passwords, but also understand that for many people it's the better option.

      • 725686 2 days ago

        Yes! I'm totally aware, but, for the first point, attacks are generally automated. If someone tries to find the pattern, you are being personally targeted and you have bigger problems. As per number 2, it is true and it sucks big time. As per number 3, I don't really mind much. You don't generally have to use your password every time.

      • n8m8 3 days ago

        I agree that especially with modern LLMs, I would avoid following patterns like this.

        Dedicated 2FA on a hardware device seems pretty resilient, I hope more banks incorporate it instead of SMS 2FA. Hosting vaultwarden also seems pretty good because it’s unlikely for you to be targeted, but requires selfhost maintenance.

    • 9x39 2 days ago

      But where do you store emergency codes? Or secret metadata for things? I think these are common artifacts to accumulate.

      A password manager is ideal for these when security is far more than passwords at this point.

      • cuu508 2 days ago

        > But where do you store emergency codes?

        On paper.

  • Havoc 2 days ago

    Self hosting a password manager is not trivial but definitely doable

  • loeg 3 days ago

    They use 1password.

SpaceL10n 2 days ago

Remember when LastPass first came onto the scene and everyone thought it was weak and not trustworthy? Pepperidge Farm remembers.

  • commandersaki 2 days ago

    I was recommended LastPass by Lujo Bauer, a professor and security researcher that has done a lot of work in password security, but this was in its nascent start-up days (circa 2013). I think worse than the low iteration count on the password hash, I wasn't aware for the time using LP that it didn't encrypt a lot of the metadata, and that concerns me greatly. I used and still use a 96-bit passphrase, so I would've been safe from the breaches from an offline attack perspective, but metadata would've been exposed, which bothers me. I switched to 1Password in 2017, so hopefully they expunged my data before the breaches, but who knows.

  • gruez 2 days ago

    Source? Were those concerns clearly articulated rather than something vague like "password managers are a single point of failure!"?

mcoliver 3 days ago

One thing that I don't see mentioned very often with regards to the LastPass breach is that 2FA seeds for their Authenticator product were also compromised and taken. Meaning not only could the attackers gain access to passwords, if you were using LastPass for 2FA they had that as well.

nonoesp 3 days ago

Sharing a short post I posted a year ago with some thoughts on password managers.

## The password-management promise

> I don't buy the promise behind 1Password or LastPass.

> You only need to remember one password. The last password you'd need to remember.

> They don't tell you that you're also building a one-stop shop for hackers to steal it all at once.

> The solution?

> Store hints, not passwords.

> Don't reuse passwords. Use algorithmic passwords instead.

> Use passkeys and security keys.

https://sketch.nono.ma/the-password-management-promise

---

I've always preferred 1Password and Bitwarden to LastPass.

I still prefer to encrypt sensitive data and "secure notes" with custom workflows (GPG keys, for instance) instead of relying on third parties, and even more so when the data would be stored in the cloud, in a centralized location.

I can't imagine the nightmare of having all your secrets exposed, not just for the risk of it but for having to reset all your exposed accounts.

(+1 to GPG encryption.)

  • dcchambers 3 days ago

    I used to be really skeptical of online password vaults. I thought they were an obvious Honeypot begging to be hacked. But if I understand the technology behind 1password correctly, there is literally no way for a hacker to sign into my account on a new device without having one of my other devices or my secret key (the actual 34 digit encryption key used to verify my account and set up new devices).

    So even if they know my 1password username and password they still can't really do anything with it. And if they steal my device, they would need to know my login password. Or cut off a finger, I guess, but I've got bigger issues if that happens.

    They don't all work this way, but 1Password seems to be by far the best and most secure option, and IMO the convenience of an online password vault simply outweighs the tiny risk with a proper vault like 1password.

    No idea why anyone has stayed with LastPass after the fiasco a couple years ago though.

    • psunavy03 3 days ago

      > So even if they know my 1password username and password they still can't really do anything with it. And if they steal my device, they would need to know my login password. Or cut off a finger, I guess, but I've got bigger issues if that happens.

      https://xkcd.com/538/

BSOhealth 3 days ago

“Bitcoin has never been hacked”

Don’t have to hack crypto to steal all the crypto.

  • anonym29 3 days ago

    Bitcoin has never been hacked.

    The victims did not practice proper key management. The victims got hacked because of their own insecure key management, not because of any vulnerability in Bitcoin.

    To claim otherwise is like claiming that because people can steal improperly secured code signing or TLS certificate private keys, all code signing and TLS certificates are inherently, fundamentally, and automatically broken, which is really just a fundamental misunderstanding of cryptography 101.

    • tpurves 3 days ago

      You know what every other online money transfer mechanism has? An ability to reverse transactions in the case of error or fraud. Because those things happen all of the time.

      • __MatrixMan__ 3 days ago

        Those mechanisms will abuse that power if pressured to do so. Which alternative is best depends on your threat model.

      • CaffeineLD50 3 days ago

        I heard that there is some blockchain rollback thing that may be possible. I'm with ya. I don't put my money into high risk digital collectibles.

      • npoc 2 days ago

        That kind of reversible payment rail can be implemented on top of a base layer like Bitcoin. Like the current banking system, with its underlying final clearance network between banks.

        Worldwide final clearance is a feature not a bug.

      • yieldcrv 3 days ago

        > An ability to reverse transactions in the case of error or fraud

        Yes and that bug is a risk I weigh when using those money transfer mechanisms

        When it fits my risk profile I engage in that transaction

        Not hard

        Not a matter for an industry regulator or state

        Just pure market choice

      • gblargg 2 days ago

        ...in part because transactions can be reversed. The flip-side is that sellers get ripped off often by these reversals.

        • __MatrixMan__ 2 days ago

          And also that it gets used as censorship. Paypal did it to Wikileaks.

    • sanswork 3 days ago

      Not true.

      "On August 15, 2010, an anonymous hacker exploited a critical vulnerability in Bitcoin, allowing them to generate 184.467 billion Bitcoin."

    • BSOhealth 3 days ago

      Has the dollar been hacked?

      • ipaddr 3 days ago

        Yes. Printing money.

        • BSOhealth 3 days ago

          “Store of value”

          To the moon.

          Still grateful HN has enough crypto rationalists to push back on pyramid scheme noise.

          Crypto could be useful — let’s build crypto apps with customer value.

          Right now the customers are morally ambiguous nation states and criminals laundering money into real estate and back into fiat currency. Hold the bag.

  • yieldcrv 3 days ago

    Right, and it's working perfectly for the current bearers of that crypto

    The PvP nature is continual demand

UltraSane 2 days ago

I like Bitwarden and self-host a Vaultwarden server on the cheapest instance AWS has. The server only needs to be running when I change the local database. I created an API key with only the ability to start and stop this one instance. The server is only accessible over a Tailscale tunnel, so it is extremely secure. It is neat making servers available over a Tailscale tunnel because you don't have to have any open ports at all. I snapshot the instance disk to S3 when it changes. This way I can securely store my passwords on the world's most reliable storage and on my local PC.

layman51 3 days ago

The way LastPass handled the incident back in 2022 is so disappointing. I don't even know how anyone could recommend using them again.

  • gwern 3 days ago

    And still is disappointing:

    > Reached for comment, LastPass said it has seen no definitive proof — from federal investigators or others — that the cyberheists in question were linked to the LastPass breaches. “Since we initially disclosed this incident back in 2022, LastPass has worked in close cooperation with multiple representatives from law enforcement,” LastPass said in a written statement. “To date, our law enforcement partners have not made us aware of any conclusive evidence that connects any crypto thefts to our incident. In the meantime, we have been investing heavily in enhancing our security measures and will continue to do so.”

    So, there's slightly less than conclusive evidence, and how much evidence should you need anyway, given the alternative hypotheses?

    • j16sdiz 3 days ago

      What else could you expect? It is their sole product.

      Accept the responsibility and declare bankruptcy? No, if they cared a little bit, they would have done that 10+ years ago

  • czk 3 days ago

    Horrible, and waiting until Christmas week to disclose it while weak master passwords (no min length reqs) and a laughable PBKDF2-HMAC-SHA256 with 5,000 iterations (this was set to 100,100 for new accounts after Feb 2018) let the attackers brute-force their way in…

    • commandersaki 3 days ago

      I think in some cases the iteration count was like 5000.

      • czk 3 days ago

        Yeah you’re right— sounds like accounts made prior to Feb 2018 were lower than 100,100. Yikes! Updated my post.

      • bberrry 2 days ago

        Mine had iteration count 1. I was livid when I found out. Fucking amateurs taking on the responsibility to safeguard everyone's passwords

    • blackeyeblitzar 3 days ago

      Didn’t many accounts have 5000 iterations by default

ginkgotree 3 days ago

3 Words: 1Password. 1Password. 1Password.

Ok, I'm not sure "1Password" qualifies as a single word. Oh yeah, 1Password.

  • alfiedotwtf 3 days ago

    Get rid of passwords or GTFO!

    PAKE has been around for about 25 years, and PassKey just works!

    It’s 2025, and we have things like PassKey that connects to hardware devices with a challenge response rather than clear text passwords being sent to a website you THINK is the one you’re talking to.

jongjong 3 days ago

I've repeated over and over that password manager services are a horrible idea. Trusting a single service with all your passwords is worse than using the same password for all services (of the same sensitivity level) IMO. The ideal solution is to come up with a secret heuristic to come up with different passwords for different services. I kept getting downvoted for this. Well, IMO, these people deserved to be hacked.

I've never been hacked, never been locked out of any accounts.

I'm getting tired of being proven right about everything over and over after being downvoted. It's a very common pattern for me.

  • 9x39 2 days ago

    >The ideal solution is to come up with a secret heuristic to come up with different passwords for different services.

    How long does it take you to enter several keys of 16+ length for a few sites you might want to access? A password manager can autofill, retrieve and input keys, and provide an OTP in a few seconds.

    Where would you store your emergency codes and other secret-like artifacts?

    It just seems impractical for a person, let alone edge cases like sharing, or usability concerns like working with secrets frequently throughout the day.

    >I've never been hacked, never been locked out of any accounts.

    Due to the strength of your system, general digital hygiene, or simple odds? If we're getting really contrived, how do you maintain confidence your heuristic can't be guessed from X plaintexts obtained from breached sites (highly common)? That's kind of like rolling your crypto, isn't it? -- doing it correctly is beyond almost all of us.

  • gblargg 2 days ago

    What if you used a password service, but modified the password it puts in manually (and didn't let it update when you log in)? Would an attacker try variations, or just move on when your password manager-provided login doesn't work?

    • jongjong 2 days ago

      This would probably help a little bit in terms of security but you would still depend fully on your password manager for access to various services. Personally, I don't like the dependency aspect of password managers.

      I hate having to log into my password manager first before I can log into the service... And I don't like having to adhere to the whims of the password manager about things like changing my password every 6 months or using certain characters... It's really none of their business to determine what level of security is appropriate for me when trying to access my Instagram account which I barely care about anyway. I'm not some billionaire with teams of hackers trying to crack into my account 24/7.

      I hate it when I can't use certain passwords because the password manager thinks it should contain certain characters which I simply won't remember.

      I hate when trying to log into LastPass with my master password and I can't remember my password and have to try like 10 permutations to find the one in the format that it forced me to use last time that it forced me to change my password.

      I hate getting locked out of LastPass and having to go through its 'Forgot my password' flow only to find out that the password for my email account which receives the email password reset link is also controlled by LastPass... And it's only by the grace of god that I had not trusted LastPass to generate my email password for me and I was able to guess it and didn't end up fully locked out of all my services which I need for my work.

      That last experience was so scary, I actually wrote down my LastPass master password on a piece of paper and put it in my desk drawer so that I would not forget it. I know this is insecure but that sort of risk profile is aligned with my current non-billionaire status. Somehow, I don't think North Korea is going to send spies to my house to peek into my desk drawer to break into my work accounts...

      • commandersaki 2 days ago

        Sounds like you don't understand how a password manager works and what it is trying to solve.

        Also how is remembering a master password any different to remembering a secret heuristic.

        • Rury 2 days ago

          A master password (e.g. to access a password manager) needs to be both remembered and stored somewhere (i.e. the password manager, not your brain). A secret heuristic doesn't, and so is more secure by simply not also being stored somewhere outside your brain.

          • commandersaki 2 days ago

            Depends on the implementation. For example with 1Password it is not stored anywhere unencrypted, it is derived with a slow password hash and mixed with a secret key (this part is stored) to unlock your vaults. You can't access your vault without both.

            • Rury 2 days ago

              You asked what the difference was. Simply put, you can't hack what does not exist. LastPass also stores passwords encrypted and was hacked.

              In other words, no matter of how well 1Password handles the storing of your master password (encrypted/decentralized or what not), the fact that it does is inherently less secure than something that doesn't store anything at all, such as the case with a secret heuristic.

              • commandersaki 2 days ago

                LastPass didn't properly implement E2EE, and they used a weak password hash, which affected low-entropy passwords.

                > In other words, no matter of how well 1Password handles the storing of your master password (encrypted/decentralized or what not), the fact that it does is inherently less secure than something that doesn't store anything at all, such as the case with a secret heuristic.

                When I say 1P stores your master password encrypted, it usually does it as an item in the vault. You can easily remove it from the vault, and then it doesn't store it anymore, and you can have the same security as your secret heuristic. Storing it in your vault is of negligible concern.

                • Rury 2 days ago

                  You clearly are not a software expert.

                  If your master password is not stored anywhere, there is no way for 1P to know what your master password is - and so no way to validate what the correct password is to access your vault. Even if 1P doesn't store the master password on local disk, their servers, on a hard device, encrypted, unencrypted, or does it completely algorithmically or whatever... it is in fact stored somewhere outside your brain, and therefore more hackable than something that isn't stored anywhere other than your brain.

                  • commandersaki 2 days ago

                    It is used ephemerally to unlock your vaults. It isn't stored anywhere. You're really clutching at straws here.

                    Given a sample set of passwords derived from a secret heuristic, it could be reversed. The secret heuristic isn't completely safe either. Moreover because it lives in your brain the algorithm is inherently low entropy and the resulting passwords will be as well. Furthermore the old adage applies, don’t roll your own crypto.

                    • Rury 2 days ago

                      You're the one that's grasping at straws and doesn't understand that 1P needs to store something in order to validate or generate your master password. The fact that this does happen makes it less secure in comparison to not storing anything, as you can't hack something which does not exist.

                      > Given a sample set of passwords derived from a secret heuristic, it could be reversed. The secret heuristic isn't completely safe either.

                      Sure but this isn't the argument being made. As an analogy, not using any E2E is inherently less secure than using some E2E encryption, but using E2E encryption doesn't automatically mean you're more secure. Simply put, you had asked "What's the difference between a master password and a secret heuristic?" And that difference is a master password (or ways to generate it) must be stored outside your brain, and doing this is inherently less secure than not doing this.

                      • commandersaki 2 days ago

                        I already told you what it needs to store and it isn’t the master password. No master password needs to be “validated” even when authenticating to 1P servers. You clearly have a fundamental misunderstanding of cryptography. Anyways this is all explained in the 1Password security whitepaper.

                        • Rury 2 days ago

                          No I understand dual key encryption, and like I said, there is still something stored (the key as well as the passwords in the vault). What you do not understand is how this is inherently less secure than not storing anything at all.

                          To give you a concrete example, 1Password doesn't guarantee you from say, being compromised by a keylogger, and someone stealing your master password (never mind the key which is in fact stored). A secret heuristic doesn't necessarily face such risks. Sure that doesn't automatically mean a secret heuristic guarantees you better security, but that's not the argument.

                          • commandersaki 2 days ago

                            Sure, I’ll cede that storing nothing is safer. Yes, an _authenticator_ is stored implicitly in the MAC of the ciphertext holding the vault key, so in a way a key-stretched version of the master password is validated. So with both a secret key and the vault-key-wrapping ciphertext you can launch an offline attack.

                            But the keylogger or malware argument is a lazy one tbh, not only does it affect your secret heuristic as any input password is affected, basically no software can be guaranteed to be safe from malware or keylogger except maybe that running in something like a Secure Enclave or if your OS supports secure entry on certain fields (1P on Mac does this). If you’re in that position you got bigger things to worry about anyway.

                            But anyways it all depends on implementation as I said. 1P also supports passkey unlock eradicating the need for the master password (secret key stays), so you can still have the security you desire, particularly if you use a FIDO2 security key like a yubikey.
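As an added illustration of the two-secret derivation and the MAC-as-authenticator point commandersaki describes (not 1Password's actual algorithm, parameters or code): a constructed Python model in which the unlock key is the PBKDF2-stretched master password mixed with a device-held secret key, the stored MAC over the wrapped vault key is the authenticator, and a small constructed wordlist shows that a leaked blob lets a weak master password be checked offline only when no secret key was mixed in. The salt, vault key, secret key and wordlist are all constructed values, and the XOR-pad wrapping stands in for a real AEAD.

```python
import hashlib
import hmac

# Constructed, simplified model of a two-secret key derivation.
# Not 1Password's real algorithm: it only shows why mixing a high-entropy
# secret key into the password-derived key defeats offline guessing of the
# master password from a leaked vault blob.

SALT = b"constructed-salt-0123456"                               # constructed, fixed salt
VAULT_KEY = bytes(range(32))                                     # constructed stand-in for a random vault key
SECRET_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")   # constructed 128-bit device secret
WORDLIST = ["password", "letmein", "sunshine1", "qwerty"]        # constructed candidate list


def derive_unlock_key(master_password, salt, iterations, secret_key=None):
    """PBKDF2-stretch the password; if a secret key is present, mix it in so
    that neither the password nor the secret key alone yields the unlock key."""
    stretched = hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt, iterations)
    if secret_key is None:
        return stretched
    expanded = hmac.new(secret_key, salt, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(stretched, expanded))


def wrap_vault_key(unlock_key, vault_key):
    """Wrap the vault key and return (ciphertext, authenticator).
    The pad is a one-use PRF output; a real implementation uses an AEAD."""
    pad = hmac.new(unlock_key, b"wrap", hashlib.sha256).digest()
    ciphertext = bytes(a ^ b for a, b in zip(vault_key, pad))
    authenticator = hmac.new(unlock_key, ciphertext, hashlib.sha256).digest()
    return ciphertext, authenticator


def build_blob(master_password, iterations, secret_key=None):
    """What the service stores: salt, iteration count, wrapped key and its MAC.
    The secret key itself never leaves the user's devices."""
    unlock_key = derive_unlock_key(master_password, SALT, iterations, secret_key)
    ciphertext, authenticator = wrap_vault_key(unlock_key, VAULT_KEY)
    return {"salt": SALT, "iterations": iterations,
            "ciphertext": ciphertext, "authenticator": authenticator}


def check_offline(blob, candidates, secret_key=None):
    """Return the candidate whose derived key reproduces the stored MAC, or None.
    This is the check a leaked blob exposes; the iteration count only sets the
    cost per candidate (5,000 vs 100,100), not whether the check is possible."""
    for pw in candidates:
        key = derive_unlock_key(pw, blob["salt"], blob["iterations"], secret_key)
        tag = hmac.new(key, blob["ciphertext"], hashlib.sha256).digest()
        if hmac.compare_digest(tag, blob["authenticator"]):
            return pw
    return None


def demo(iterations=5000):
    """Same weak password and blob shape, with and without a secret key mixed in."""
    password_only = build_blob("sunshine1", iterations)
    two_secret = build_blob("sunshine1", iterations, SECRET_KEY)
    return {
        "password_only": check_offline(password_only, WORDLIST),              # recovered
        "two_secret_without_key": check_offline(two_secret, WORDLIST),        # None
        "two_secret_owner": check_offline(two_secret, WORDLIST, SECRET_KEY),  # owner's device unlocks
    }


if __name__ == "__main__":
    print(demo())
```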

  • commandersaki 2 days ago

    I feel like anyone with a visceral reaction to password managers that sync/store on cloud storage does not really understand E2EE. LastPass is really the only exception that didn't implement it properly.

moktonar 2 days ago

SPoF again..

  • hayst4ck 2 days ago

    This is such an under-rated comment for this whole thread.

    This was my gut response to password vaults when they were first implemented. I still find the idea of password vaults spooky.

    Open source ones scare me because it seems easy to slip a compromised library. The XZ debacle can't be the only time that's been tried.

    All of them scare me because a bad browser extension or a more minor hack, like a trojan, could likely compromise all passwords.

    Games on Steam sometimes have some ridiculously privileged anti-cheat software, run by who knows what company, some of which offer direct RCE, in a process that already looks into other processes' memory.

    Virus scanners routinely analyze every single file on a computer and maybe memory too.

    It just seems so... possible.

    • commandersaki 2 days ago

      In the same league of paranoia someone could do a supply chain attack of your favourite browser engine to siphon cookies, credentials, etc.

    • moktonar 2 days ago

      New fear unlocked: cloudflare