yawnbox,
@yawnbox@disobey.net

thinking about some top cybersecurity tips for normal people

  1. use a password manager (like 1Password (cloud), Bitwarden (cloud), or KeePassXC (local))

  2. use an ad blocker (uBlock Origin)

  3. maximize the use of multi-factor authentication

  4. host contacts in a privacy-respecting service. do not share contacts with apps

  5. use a privacy-respecting email provider. archive email to a local drive, which @thunderbird makes easy

  6. for regularly visited websites, even if you sign in to use them, use @torproject Tor Browser, if the service does not block Tor

for technical folks

  1. self-host contacts

  2. self-host email

  3. use YubiKeys everywhere

publicvoit,
@publicvoit@graz.social

@yawnbox Sorry, recommending to put someone's passwords into the strongly disqualifies the authority of its author. 😞

In case you didn't notice: the cloud is a bad idea for personal or sensitive information. https://karl-voit.at/cloud/

yawnbox,
@yawnbox@disobey.net

@publicvoit

hello reply guy!

end to end encryption of data synced to the cloud gives considerable control over one's data! which is automatic when using 1Password or Bitwarden!

and I also provided a local password manager as an option, which you so carefully ignored!

both 1Password and Bitwarden meet or exceed OWASP's password storage recommendations (https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html), which LastPass did not do!

keeping e2ee passwords in a cloud-synced password manager has way less risks compared to not using a password manager at all! and is ideal for normal, non-technical folks who need ease-of-use while still retaining very high security standards!

cheers!

publicvoit,
@publicvoit@graz.social

@yawnbox

I will reply to this after a security incident of those services as a told-you-so reminder. 😜

Same with closed source solutions, nobody is able to check 1Password's infrastructure (+ configuration) as well as the actual code used. Same for non-self-hosted Bitwarden services which are hard to secure.

Such a high risk for the most sensitive information there is that can be very easily avoided should not be part of any serious security recommendation.

But it's hip. I give you that.
