Contrary to what password managers say, a server compromise can mean game over.
-
@notyourfanboy @dangoodin That version is not supported anymore, is it? I was forced to use their cloud when upgrading from version 7 to 8.
-
@notyourfanboy @dangoodin I am sorry, I assumed 1Password. Will check out Password Safe!
-
Well, first it's entirely possible that your threat model doesn't really require a nation-state group hacking a Bitwarden server. Beyond that, turn off the key escrow and other features mentioned in the article and you're likely fine.
Likely fine for now, until the next server-hosted "not really zero knowledge" problem is discovered. Very likely, it already has been discovered... So you're down to hoping the discoverer isn't hunting you and your secrets in particular.
-
Password managers' promise that they can't see your vaults isn't always true
Ars Technica (arstechnica.com)
@dangoodin @briankrebs How many cybersecurity terms have lost their original strong meaning over time? Two-factor authentication, one time pad, military grade encryption, and now zero knowledge. That’s off the top of my head. There must be other obvious ones I’ve missed.