Password Manager - How Secure?

smhto on 16/11/2022 - 21:42

With the recent wave of hacking activity in Australia and around the globe, am I better off just using Chrome or sticking to the likes of LastPass

Computing Password Manager

Comments

  • Mechz on 16/11/2022 - 21:45
    +5

    For me, using Google to store your passwords is too many eggs in one basket.

    • CyberMurning on 16/11/2022 - 21:47

      Its bad because when you go to toilet someone can just login to your bank (assuming no 2fa)

      Lastpass etc will ask password before filling your details

      • Mechz on 16/11/2022 - 21:55

        Like at work or home? Do you not lock your computer or phone?

        I only have a few accounts where I actually keep cash and those passwords and usernames I commit to memory.

        • CyberMurning on 16/11/2022 - 21:59

          Still you have few now but more later and all become too late. 2 sites with the same password isnt good doesnt matter what kind of website

  • CyberMurning on 16/11/2022 - 21:48
    +3

    But yes i cant imagine if bitwarden got hacked…. i will be crying… maybe impossible?

    • SBOB on 16/11/2022 - 21:59
      +7

      your blob on the cloud is very well encrypted
      use a decent master password on bitwarden, and enable 2fa

      Noting that this doesnt prevent most of the recent data breach issues, as username/password info is only going to prevent someone logging in with your credentials.

      Hackers accessing back end systems will exfiltrate your information (eg Optus, Medibank) regardless of how secure your username and password is

      • CyberMurning on 16/11/2022 - 22:00

        And bitwarden has a setting to prevemt new device to login

      • freefall101 on 17/11/2022 - 00:44
        +4

        This is the key difference, Bitwarden doesn't have access to the unencrypted data whereas Optus/Medibank do. Once you get into the backend of Bitwarden, all you have access to is the encrypted password file, which is still useless. With Optus/Medibank everything was there for the taking.

        • SBOB on 17/11/2022 - 06:19

          Generally, you would hope that the servers aren't storing passwords in plain text, and are salted and hashed.
          Using unique password all sites solves that worry even if they dont (but again, wouldn't have stopped Russia knowing your Medibank history or an API exposing the ID information you have to Optus).

  • Typical16-bitEnjoyer on 16/11/2022 - 21:48
    +6

    Bitwarden

    • Shoocat on 16/11/2022 - 22:24
      +3

      Bitwarden plus Yubikey authentication for new device logons is very secure.

  • AustriaBargain on 16/11/2022 - 21:49

    Use KeyChain. Have a very strong password on your iCloud account. Use two factor.

    • MuddyClear on 03/02/2023 - 07:35

      Unfortunately if your phone is compromised via fishing scams, which is very common, the hacker can wait until you unlock your keychain to obtain your passwords. They can also intercept your phone one time passcodes of MFA/2FA.

      Physical security keys like those from Yubico are the only fail safe way to protect your data. Services that support it will charge you a premium to use it like 1password, lastpass, bitwarden etc.

  • jv on 16/11/2022 - 22:12
    +1

    Password Manager - How Secure?

    I just let Optus manage all my passwords but considering moving to an Excel spreadsheet.

    That way I can print off some copies for backups and store offsite….

    • whatwasherproblem on 17/11/2022 - 15:08

      Excel is awesome because when they screw up, they just get the rest of the world to change instead so that their screwup isn't a screwup anymore. (Exhibit A, and Exhibit B.)

  • boomramada on 16/11/2022 - 22:13

    I trust google 😉

    • jv on 16/11/2022 - 22:25
      +1

      I just Googled one of my passwords and it came up with 112,458 matches. So it is really good at storing them.

      • boomramada on 17/11/2022 - 00:02
        +2

        Was it Abc124?

  • thatonethere on 16/11/2022 - 22:17
    +1

    While tempting dont use Chrome. Have seen people get totally owned for every saved password in Chrome. Eg stuff like Redline.

  • realaaa on 17/11/2022 - 09:40
    +1

    how good is Last Pass these days guys? asking for a friend :)

    • AusRetro on 17/11/2022 - 21:38
      +5

      Last Pass is ok. I'd say look into Bitwarden as the free version vastly outcompetes LastPass free in every way.

    • tardis3 on 19/11/2022 - 09:09

      and Lastpass was hacked again https://blog.lastpass.com/2022/08/notice-of-recent-security-…

      Better to go with Bitwarden

      • SBOB on 19/11/2022 - 10:59
        +3

        Their dev environ was breached and parts of their source code etc obtained

        The entire idea behind a password manager is that it doesn't matter if the cloud or storage hosting your blob is taken. It should be encrypted enough to be effectively worthless, assuming you used a good vault password

        I would still use (and do) bitwarden though. Open source, not owned my LogMeIn, and even the free tier offers everything most people would need including the ability to share a group/folder with someone (ie husband and wife shared passwords)

  • shaybisc on 18/11/2022 - 07:40

    Hackers are not even remotely interested in extremely difficult if not impossible targets like Bitwarden when there is an unlimited amount of low hanging fruit protected by dummies, corporate and private, to feast on.

    • MuddyClear on 03/02/2023 - 07:42
      +1

      No. If hackers were interested in lastpass then other password managers would also be of interest to hackers.

Login or Join to leave a comment
Login Join