Password managers don’t protect secrets if pwned
www.theregister.com
: Researchers demo weaknesses affecting some of the most popular options

cross-posted from: https://infosec.pub/post/42164102

Researchers demo weaknesses affecting some of the most popular options Academics say they found a series of flaws affecting three popular password managers, all of which claim to protect user credentials in the event that their servers are compromised.…

      • ScoffingLizard@lemmy.dbzer0.com
        3·
        6 hours ago

        I have a degoogled phone with e/OS. I might try if they get a bit further into my use of their products and security. It sure would simplify methods.

        • muhyb@programming.dev
          0·
          4 hours ago

          I have a similar setup with LineageOS. I use KeePassXC on PC (KeePassDX on Android). I can sync them via Nextcloud with peace in mind because the database is already encrypted. Syncthing-fork also works if you want completely local.

          I’m sure e/OS already has a password vault app in their list but if not KeePassXC is fully local out of the box and can be used with DX on Android.

          It’s far secure than Firefox’s built-in password manager.

      • ScoffingLizard@lemmy.dbzer0.com
        11·
        6 hours ago

        I have a few that I just have off the wall for a few things and I memorize those. Some I just use ssh keys. Others go off a pattern and I put hints in a file to figure it out. The account itself is not even put in this file, so I have to just know what the hints mean for both the account and what password pattern hints go with them. Usually, the user IDs are something I store in this file, because those get too tough for the aforementioned methods of determinism.