After several years on LastPass, I'm switching to Bitwarden, which I can't stop raving about. Main reasons:
- It's #opensource and openly audited for security and privacy.
- LastPass had a master password breach last year.
- You can self-host Bitwarden for extra security.
- Credential sharing is cleaner.
- The Bitwarden UI is just simpler AND better, in every way.
I know it's weird to get worked up over a password manager, but seriously, give it a try.
@nicole Do you have more information about that master password breach? I've been trying to look it up, but I haven't been able to find anything.
@amandag Sorry, it looks like it wasn't the master password that was taken, but potentially individual site ones. There was a bug discovered that allowed passwords to be stolen via browser extensions: https://arstechnica.com/information-technology/2019/09/lastpass-fixes-bug-that-leaked-the-password-of-last-logged-in-account/
This isn't the first time they've had vulnerabilities pointed out in their extensions.
A few years ago, an attacker got "LastPass account email addresses, password reminders, server per user salts, and authentication hashes": https://blog.lastpass.com/2015/06/lastpass-security-notice.html/
@amandag LastPass says those issues have been fixed, but that's the problem with services where the code is proprietary: you just have to take their word for it.
I feel safer on an open-source password manager whose code gets thoroughly inspected by everyone.
@nicole Absolutely. I personally use KeePass - which stores its passwords in an encrypted file - together with a file syncing service I run, so I also know exactly what server infrastructure is involved. When it comes to this particular subject I prefer having as much control as possible.
@amandag I also used KeePass for a while, but I missed a lot of the convenience I'd gotten used to with LastPass. Bitwarden is all of the convenience (and more) of LastPass, with the security of KeePass.