DEV Community

Discussion on: What do you use for password management?

Yaser Al-Najjar

I never trust password management tools.

They might collect my passwords and sell that info to some other parties...

Or worse, they might get hacked and all my accounts across the internet would be exposed.

I use simple passwords like (123456) for stuff I don't care about, and different passwords for accounts that I care about.

rhymes

Use an open source one that encrypts everything

Yaser Al-Najjar

@rhymes
@kriscius

Open source (esp. a cloud solution) means that I should roll my own compilation/server for the app, because it's easy to provide an open source app and ship some extra code (that collects your passwords) with the binary.

So no thanks, I don't really want to go through that hassle.

rhymes

Not really, Yaser. Open source means just that; also, we are not talking about some random npm package with crypto mining hidden inside, we're talking about tools that are peer verified by security firms: help.bitwarden.com/article/why-sho...

The code is open source but you can just use the cloud version.

They don't store your passwords, they store the encrypted version and the master key never leaves your device.

My Bitwarden account syncs across various browsers and two devices. 1Password and the others work just like that.

For why you should use a password manager and not your memory: troyhunt.com/password-managers-don...

Troy Hunt is also the person behind Have I Been Pwned, a tool to check if your email is part of various security breaches: haveibeenpwned.com/

Its DB of 500 million leaked passwords is also exposed as an API and currently used by various sites to bar people from using leaked passwords again.

Fun stuff 😂
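As an added illustration (my own example, not code from the thread or from Have I Been Pwned), this is how a site can check a candidate password against that API without ever sending the password: it hashes the candidate with SHA-1, sends only the first five hex characters of the hash to the `range` endpoint, and matches the remaining suffix locally against the returned list. The range response below is constructed; the only real value in it is the SHA-1 suffix of "password", and the counts are illustrative.

```python
import hashlib
from typing import Callable

# Constructed stand-in for the API's response to GET /range/5BAA6.
# The real response lists every breached SHA-1 suffix with that prefix
# (hundreds of lines). The first two suffixes here are made up; the third
# is the genuine suffix of SHA-1("password"). Counts are illustrative.
SAMPLE_RANGES = {
    "5BAA6": (
        "0018A45C4D1DEF81644B54AB7F969B88D65:1\r\n"
        "00D4F6E8FA6EECAD2A3AA415EEC418D38EC:2\r\n"
        "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3730471\r\n"
    ),
}


def offline_range(prefix: str) -> str:
    """Return the constructed sample range instead of calling the network."""
    return SAMPLE_RANGES.get(prefix, "")


def online_range(prefix: str) -> str:
    """Fetch the real range from the Pwned Passwords API (not used in the sample run)."""
    import urllib.request
    url = f"https://api.pwnedpasswords.com/range/{prefix}"
    with urllib.request.urlopen(url) as resp:
        return resp.read().decode("utf-8")


def pwned_count(password: str, fetch_range: Callable[[str], str] = offline_range) -> int:
    """Return how often `password` appears in the breach corpus (0 if never seen).

    Only the 5-character hash prefix leaves the client (k-anonymity); the
    full hash and the password itself are never transmitted.
    """
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    prefix, suffix = digest[:5], digest[5:]
    for line in fetch_range(prefix).splitlines():
        if not line.strip():
            continue
        candidate, _, count = line.partition(":")
        if candidate == suffix:
            return int(count)
    return 0


def acceptable_for_signup(password: str, fetch_range: Callable[[str], str] = offline_range) -> bool:
    """Policy a registration form might apply: reject any previously breached password."""
    return pwned_count(password, fetch_range) == 0
```

Swapping `offline_range` for `online_range` turns this into a live check; the lookup logic is unchanged.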

Yaser Al-Najjar

The code is open source but you can just use the cloud version.

Yep, and I'm not really into self-hosting my own Bitwarden (which seems pretty safe).

The problem is that you take their word for granted; call me paranoid, but I never trust these words:

Bitwarden does not store your passwords

Why are you providing me the service then? Nothing comes for free, dude!

Yes, Troy is pretty popular in the security scene, but again, I once heard Gary Vee say that we (humans) can sniff out when someone is selling us something; this is what I mean:

troyhunt.com/have-i-been-pwned-is-...

Matteo Joliveau

Bitwarden, like many others, has a free plan and a couple of paid plans that add features like secure team-shared credentials (think developers sharing servers' root passwords in an organization), encrypted file storage and security audit logs. As @rhymes said, you don't have to take THEIR word for granted; they have been audited by security experts and deemed acceptable. They publish peer-reviewed papers about their crypto setup and have a good reputation.

If this is not enough for you, that's totally fine. But you're really falling deep into paranoia because no real reason for not trusting them has been found yet.

Frans Krojegård

Yeah, the risk of that happening is way lower than you reusing a cracked/leaked password.

Sounds like the thing that would make you happy (and safe) is KeePass, synchronised in a way you feel comfortable with.

Jing Xue

I agree that we can't/shouldn't trust the tools, but the question remains - how do you manage the passwords for the accounts you care about? Either your life is incredibly simple or you have incredibly good memory. (Well, come to think of it, either case would be quite admirable to me.)

Yaser Al-Najjar

Maybe I have a good memory, and I also help it along with what I call simple-sentence passwords like

YaserIsHere!

I forget some passwords for stuff I don't use often, say my DockerHub account, so I simply restore that password by email in seconds.