Say a friend is looking for a new system, and said person is not particularly savvy with technology, what system would you point them toward?
Say a friend is looking for a new system, and said person is not particularly savvy with technology, what system would you point them toward?
Honestly, I can’t understand how browsers are still allowed to store passwords in 2026. That functionality should have been torn out of them half a decade ago for the massive security flaw that it is.
That’s not about BitWarden or 1Password. That was about the password storage system integrated into Waterfox. And no, they are locally stored and relatively safe. I have used that system for 20+ years and I have never had any of my account data stolen.
And I do actually keep them separately and on paper. Laught about it if you want to, but it’s easy and most reliable. I’ve had pc’s die on me, so I’m happy to have it that way.
Why would you trust companies like BitWarden or 1Password? It’s the same as with EncroChat or similar services. Agencies start up a company that promises to protect your sensitive data. Then you give them your sensitive data. But they put a backdoor into their programs. So now they have all your sensitive data. I don’t know who is behind those companies so I don’t trust them. With Mozilla, that’s just an old habit and nothing of essence is in there.
I have a different way to do it, but I’m not going to disclose it here. Just saying that in the last 25 years, not a single one of my accounts got hacked by my fault. I had 1 Ubisoft account hacked, but that was because their servers got hacked and the password was stolen from there.
Because they are end-to-end encrypted, as evidenced by their account-recovery mechanisms: they cannot offer one.
Why? Because the encryption on your data files is based - in small part - on your master password. So if you cannot get back in with your master password, they can’t get in without it, either.
The only exception is corporate accounts, which are linked back to a master account made by your employer, which has rights to access anything in your specific account and who can expose company-wide accounts to you based on groups and rules.
Plus, BitWarden also has the capability to entirely self-host, keeping their public servers and domains entirely out of the loop. It’s just between you and the server you configure yourself.
LastPass had a mere security breach, and they suffered a 50+% market share drop between 2001 and 2024. An active backdoor would drive any company to 0% market share damn quick, which in business terms is called a fatal level of risk – a business killer for anyone in the security industry.
Bitwarden, in particular, has openly committed itself to fighting any attempt to legislate a back door into their product, and - like other companies like Signal - would rather exit an entire market than build a back door into their product.
Wow.
I’m not laughing… I feel sorry for you.
I put the mention of Excel and paper options in as a dare from colleagues. They didn’t think you would out yourself as such a security anti-intellectual.
For the record, not only can you script secure BitWarden exports to your storage enclave of choice, but you can even script exports to KeePass for offline access.
Granted, with an export to KeePass there are things like ToTP and secondary/tertiary URLs that won’t come along for the ride, as it’s not something that KeePass does, but most everything else will.
X-Doubt.
Ubisoft did not store their passwords in plaintext. Those passwords were all hashed appropriately.
If your password was successfully un-hashed and used, it was because either,
In all three cases, it’s user error on your part.
https://haveibeenpwned.com/
Check it out, it’s wild. Betchya more than just Ubisoft will pop up.
Holy shit, this fucking guy.
Correction: They TELL YOU that they can’t offer one. Doesn’t mean there actually isn’t a way. Smartphone messaging apps offer end-to-end encryption. Yet, the NSA can regularly crack those. Why? Not necessarily, because they crack the encryption, but because they crack the keyboard systems you use to input your password. You can do the same with any password manager program.
Only if it’s discovered, properly delegated to the news and so on. And no, an active backdoor would NOT drive any company to 0% market share damn quick. NEWS about such a backdoor do that. And there ARE and were such backdoors. Just look at EncroChat and Microsoft Outlook for example.
Then, you need to learn about NOBUS approaches. If you have a billion dollar NOBUS approach, normal mortals like you and me won’t find those backdoors. And they will be accessed in a very smart way that you will very likely not be aware about.
Yeah, how nice and helpful. That’s surely make me think better of you and not as a salty linux user.
I know, and flash harddrives can fail. And exporting them takes time etc. Putting them on paper is fucking easy. You make a .docx or .txt file, input the information, print and file it and you’re done. Unless there is a fucking fire, that shit is secure for 20+ years without a problem. Your pc can break, your harddrives can break, your USB sticks can break or get lost, but that paper is very likely going to still be there. Plus, it’s super quick to read, transport and update. Bonus points if you use an easy encryption system.
Ah, the good old linux user “I know it all better than you”-bullshit. But no, actually, you’re wrong. I got an e-mail from Ubisoft, apologizing for it, because they did not store it appropriately. And yes, I’m aware of haveibeenpwned.com and I check it once a year or so. And by the way: That website is integrated into the Firefox password manager, so it automatically tells you if such a report exists for one of your passwords. And no, there are not any other password breaches for any of my other accounts in the last 20+ years. So go fuck yourself.
Remember how I said that linux users tend to blame every problem on the user? This is it. I’m sorry, but you’re an ignorant, incompetent hack who pretends to know things he doesn’t know. You know what? Actually I’m not sorry at all.