• AceSLive@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      From my understanding, none of the last pass master passwords or saved passwords were identified or taken though - they still kept the passwords secure despite hackers accessing files…

    • oceane@jlai.lu
      link
      fedilink
      English
      arrow-up
      2
      arrow-down
      1
      ·
      edit-2
      1 year ago

      You could use Himitsu and sync your passwords across devices with Syncthing, instead of encouraging people to confuse security with pedantry. Cybersecurity measures should be as transparent as possible, and nowadays cumbersome solutions also tend to be insecure. See, for example, pass(1): totally not secure, and also cumbersome to use. Compare that with SSH, developed by the OpenBSD project: it just works, especially by delegating complexity, i.e. by letting users and admins set up another secure channel, via HTTPS, to drop the SSH key.

      The OpenBSD project has also developed doas, signify, libtls, scp, which are all no-brainers. Mastering doas is literally one blog post away.

    • camelCaseGuy@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      Let’s agree to disagree. It’s true that these companies are vulnerable and lovely honeypots for hackers. And because they know that, they’ll try to harden as much as possible. Besides, not everyone is willing to create passwords out of algorithms seeded with mnemonics. Most of the people will reuse the same password over and over in different places. And that’s the worst situation, because most of those sites are hundreds of times more hackable than commercial password managers.

      Are there better options than commercial password managers? Yes, of course. How many are willing to use them? Maybe less than 30% of the population. And that’s bad, because it makes the internet less safe for everyone.

      And by the way, the method you use is one of the earliest ways to create passwords and is hackable by brute force in seconds. If I have two or more passwords, or two or more seeds, the algorithm is done unless you have some random generator in it.