Comment

Comment on God ****** dammit, here we go again

KairuByte@lemmy.dbzer0.com ⁨2⁩ ⁨weeks⁩ ago

Just as an example, 1Password has a secondary encryption key that they can’t even recover. If you lose it, you’re fucked. I doubt the chances of that being cracked are any good at all.

source

Sort:hotnew top

sugar_in_your_tea@sh.itjust.works ⁨2⁩ ⁨weeks⁩ ago
Bitwarden has no secondary key, and the master key is never sent to the server. All they get is an email address and encrypted data. If you forget your key, your passwords cannot be accessed, which means an attacker is screwed too.

There are tons of ways to give yourself ways to “recover” your password that don’t compromise you in a breach scenario:

logged in devices - they have the key decrypted and can generate a new one, re-encrypt, and overwrite the data server-side

store a physical copy of the password at home somewhere (notebook?)

share passwords with a trusted person (SO) for critical shared accounts

securely store an unencrypted backup of your password vault (say, on a personal computer with full disk encryption)

Maybe that’s how 1password works, idk, but I do recommend verifying that there’s no password recovery option on whatever password manager service you use.
source