More than $35 million has been stolen from over 150 victims since December — ‘nearly every victim’ was a LastPass user::Security experts believe some of the LastPass password vaults stolen during a security breach last year have now been cracked open following a string of cryptocurrency heists
deleted by creator
The idea is fine. Still trusting lastpass was the bad idea. Others have much better implementations to protector your vault and don’t drop the ball on security time after time.
They might have better implementation, but that only means it will take longer time before a data breach happens, it doesn’t stop them.
A data breach isn’t an issue by itself. It’s only an issue if it’s possible to decrypt your passwords.
deleted by creator
I use Syncthing to keep my Keepass files synchronized on my devices. All the benefits of cloud storage, but my password file never leaves my control.
I do exactly this.
Great idea! I rely on Firefox’s service, would you recommend I switch?
Personally I don’t like to rely on anyone’s cloud services for mission critical applications like password storage, since they have a history of being discontinued without notice.
I do trust Mozilla a lot more than Google, though.
With Syncthing at least if the discovery servers go down you still have a local copy as well as off-site backups, and can easily migrate to some other sync solution as your password manager is not tied to your browser.
I would argue that email is similarly as critical, yet Selfhosting email is a bad idea practically and from a security standpoint. Your argument does not apply in general.
It’s OK as long as you’re the only one with the key to it.
If your storage provider can decrypt it, so can anybody who hacks them or works for them.
Sometimes these are the same people.