In November 2022, the password manager service LastPass disclosed a breach in which hackers stole password vaults containing both encrypted and plaintext data for more than 25 million users. Since then, a steady trickle of six-figure cryptocurrency heists targeting security-conscious…

  • treadful@lemmy.zip
    link
    fedilink
    English
    arrow-up
    2
    ·
    1 年前

    Password vaults are great! Giving them to a central authority is… a little risky though. LP has a pretty decent history other than this, so I don’t fault anyone for using them. But after that breach, it’s probably good to consider those creds burned and recycle them.

    A good self-hosted alternative might be something like Keepass on Syncthing. Though a downside of that is that you might be even less likely to know of a vault exfil than a service like LP.

    Either way you go, it’s good to recognize the limiations and act accordingly.