Honestly, a blog post explaining how bitwarden protects user data in this context (ex: are usernames, URLs, etc encrypted) would probably be a good thing to be able to link to.Įdit: I know vaultwarden is NOT bitwarden, but if the way the data is stored is similar the usernames, URLs and notes are encrypted in the database. A confirmation from bitwarden staff would be great. To my knowledge, bitwarden encrypts user data more comprehensively, although I do not have first hand knowledge on this topic. This makes it significantly easier for an attacker who has all this data to selectively evaluate the ease of cracking a specific password, and prioritizing higher value targets such as financial credentials. Credential records (username, URL, notes, extra fields, and metadata such as the time the credentials were last used or modified) were otherwise stored unencrypted. I would recommend Bitwarden or the Keepass ecosystem, with Strongbox on iOs and MacOs and KeepassXC on Windows.LastPass only encrypted passwords. They simply don't care about single users and their base anymore, since they got tons of investment money.Īs others pointed out, open source password managers are a better choice. Every move since they started announcing v8 points into corporate market. They are also not good at keeping promises. A user asking about this got the answer, that it's the users fault because users shouldn't have malware on their machines in the first place.Īfter months of public knowledge they hadn't closed this vulnerability but gave the official advice to just not let malware on your machine.
Security audits of 1Password found out about major vulnerabilities in their software. Not enough they claim in several statements that the average user is not smart enough to use their own vault. Instead they force you to save it in their cloud, claiming it would be more secure. Security wise: They stripped away the possibility to save YOUR vault where you want. They don't care about single users anymore. They made a really good password manager but recently they changed their mind and went full corporate market. 1Password is one of the worst password managers.Īgilebits, the creators of 1Password, started with the users in their mind.
0 kommentar(er)
