If you use an online cloud-based password manager (e.g., #LastPass, #1Password, #Bitwarden, #Dashlane, etc.), how concerned are you about supply chain attacks?
@atoponce I should note that my personal use case is VERY much personal.
Were I using it in a business context, my risk/value analysis might differ dramatically, but for my family, I deem the risk of a supply chain attack to be nothing compared to the risk of leaky, error-prone humans using bad passwords :)
And using a non-cloud password manager is a non-starter, especially for my wife.
@atoponce I use Password Store for a few reasons:
1. I *know* that all encryption happens locally.
2. I *know* that every decryption requires 2FA or access to our desktop (all mobile access requires my YubiKey for decryption).
3. What is uploaded is extremely clear (because I can just go to my private GitLab repo and see which files are there and how they are stored).
Nothing else provides this level of transparency.
@atoponce My more sensitive passwords are only partially stored in my own manager out of this concern. I just wish @bitwarden had an option to stop asking to update those codes.