“LastPass says employee’s home computer was hacked and corporate vault taken”
Discussion
Again? It's like every couple years with these folks.
They were hacked a couple of months ago I think but the news about the hack only gets worse every time I hear about it
Worst password service ever. I’ve been on Bitwarden for a few years and so far so good
Bitwarden is awesome!
I totally agree. I’ve been using Bitwarden since 2018 in every available platform. No issues whatsoever
Have you all increased the number of rotations for your Bitwarden account? If not, go to Account Settings => Security => Keys => KDF Iterations and make sure it's at least 600000.
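The comment above recommends raising the KDF iteration count to at least 600000. The snippet below is an added illustration, not code from the thread or from Bitwarden: it derives a vault key with PBKDF2-HMAC-SHA256 (the KDF family password managers use for this setting) at two iteration counts and reports how much slower each guess becomes for someone brute-forcing a stolen, encrypted vault. The master password, the salt and the 100000 lower bound are constructed sample values, not anyone's real settings.

```python
import hashlib
import time

# Constructed sample inputs (not real credentials): a master password and a
# salt standing in for the account e-mail a vault client would use.
MASTER_PASSWORD = b"correct horse battery staple"
SALT = b"user@example.com"
KEY_LEN = 32  # 256-bit vault encryption key


def derive_vault_key(password: bytes, salt: bytes, iterations: int) -> bytes:
    """PBKDF2-HMAC-SHA256 with a caller-chosen iteration count."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, iterations, dklen=KEY_LEN)


def time_derivation(iterations: int, rounds: int = 3) -> float:
    """Median wall-clock seconds for one derivation at this iteration count."""
    samples = []
    for _ in range(rounds):
        start = time.perf_counter()
        derive_vault_key(MASTER_PASSWORD, SALT, iterations)
        samples.append(time.perf_counter() - start)
    samples.sort()
    return samples[len(samples) // 2]


def guesses_per_day(seconds_per_guess: float) -> float:
    """Master-password guesses one CPU core could try in 24 hours against a
    stolen vault blob when each guess costs this many seconds."""
    return 86400 / seconds_per_guess


def compare(low: int = 100_000, high: int = 600_000) -> dict:
    """Show that the derived key changes with the iteration count (so the
    setting is baked into the ciphertext, not just a client preference) and
    how much the attacker's guess rate drops when iterations are raised."""
    low_key = derive_vault_key(MASTER_PASSWORD, SALT, low)
    high_key = derive_vault_key(MASTER_PASSWORD, SALT, high)
    low_secs = time_derivation(low)
    high_secs = time_derivation(high)
    return {
        "keys_differ": low_key != high_key,
        "low_seconds": low_secs,
        "high_seconds": high_secs,
        "slowdown": high_secs / low_secs,
        "low_guesses_per_day": guesses_per_day(low_secs),
        "high_guesses_per_day": guesses_per_day(high_secs),
    }


if __name__ == "__main__":
    result = compare()
    print(f"derived keys differ across iteration counts: {result['keys_differ']}")
    print(f"100000 iterations: {result['low_seconds']:.3f}s per guess, "
          f"{result['low_guesses_per_day']:.0f} guesses/day/core")
    print(f"600000 iterations: {result['high_seconds']:.3f}s per guess, "
          f"{result['high_guesses_per_day']:.0f} guesses/day/core")
    print(f"slowdown factor for an offline attacker: {result['slowdown']:.1f}x")
```

The iteration count only helps against an offline attack on a copied vault; it does nothing if the master password itself is weak or is captured by a keylogger, which is the attack path this thread is about.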
It's just a different honeypot.
In what sense? It's open source, has a great reputation, never been hacked (so far).
LastPass isn't even open source
Sure, if you compare them with LastPass they are the better of the two choices, but they still suffer from the trust model.
Since they store so many people's passwords, they are a massive target for hackers and you have to trust that they are operating securely and their employees will never be compromised.
Nothing is 100% secure and you're only as strong as your weakest link. I used to hang around privacy and security groups and they used to recommend BW was enough for most people. If you're high risk then something offline (pen and paper!) is more suitable. I'm not high risk and I don't store my HW wallet keys there. I have security backups saved offline for important sites too. There's always a risk of course.
I just prefer to remove counterparty risk but of course this varies per person. But yeah, Bitwarden is fine if you're aware of the risks, certainly better than LastPass.
I just don't like trusting a company with important data.
Stop using cloud-based password managers (LastPass, Bitwarden, NordPass etc.). They are honeypots for black hats.
KeePassXC + Syncthing
KeePassXC + Yubikey + Syncthing
Why do people still trust them?
What would stallman say?
I wonder what the "vulnerable third-party media software package" was?
“This was accomplished by targeting the DevOps engineer’s home computer and exploiting a vulnerable third-party media software package, which enabled remote code execution capability and allowed the threat actor to implant keylogger malware,”
just use keepass retard
They should sell the company to a better password manager business... or close down at this point.
Looks like the media package was 'Plex'.
"the media software package that was exploited on the employee’s home computer was Plex"
Massacre
😬
Using a password manager is a security hole, no matter what they promise.