More than $35 million has been stolen from over 150 victims since December — ‘nearly every victim’ was a LastPass user

Security experts believe some of the LastPass password vaults stolen during a security breach last year have now been cracked open following a string of cryptocurrency heists.

    • smolyeet@lemmy.world
      1 year ago

      The idea is fine. Still trusting LastPass was the bad idea. Others have much better implementations to protect your vault and don’t drop the ball on security time after time.

      • serratur@lemmy.wtf
        1 year ago

        They might have a better implementation, but that only means it will take longer before a data breach happens; it doesn’t stop them.

        • Fisch@lemmy.ml
          1 year ago

          A data breach isn’t an issue by itself. It’s only an issue if it’s possible to decrypt your passwords.

      • evranch@lemmy.ca
        1 year ago

        I use Syncthing to keep my KeePass files synchronized on my devices. All the benefits of cloud storage, but my password file never leaves my control.

          • evranch@lemmy.ca
            1 year ago

            Personally I don’t like to rely on anyone’s cloud services for mission-critical applications like password storage, since they have a history of being discontinued without notice.

            I do trust Mozilla a lot more than Google, though.

            With Syncthing at least if the discovery servers go down you still have a local copy as well as off-site backups, and can easily migrate to some other sync solution as your password manager is not tied to your browser.

            • PlexSheep@feddit.de
              1 year ago

              I would argue that email is similarly critical, yet self-hosting email is a bad idea practically and from a security standpoint. Your argument does not apply in general.

    • Blackmist@feddit.uk
      1 year ago

      It’s OK as long as you’re the only one with the key to it.

      If your storage provider can decrypt it, so can anybody who hacks them or works for them.

      Sometimes these are the same people.