Comment on Password managers are less secure than promised
unexposedhazard@discuss.tchncs.de 6 days ago
OMFG can people please fucking go away with this stupid “password managers are worthless” bullshit today. They are exactly as secure as promised, unless you went to the obviously shady ones that use web interfaces. People have been saying this for years, if you want security, keep your password manager offline.
victorz@lemmy.world 6 days ago
So by that logic BitWarden is unsafe?
unexposedhazard@discuss.tchncs.de 5 days ago
Yes, if you arent self hosting the web interface or using the desktop client.
victorz@lemmy.world 5 days ago
But these issues were patched before even publishing the findings, right?
unexposedhazard@discuss.tchncs.de 5 days ago
There is no way to patch this. Its an inherent flaw of delivering client software through a web browser. If the entire client is delivered as a web page from a server you dont control, then that server can modify the software however it pleases.
WhyJiffie@sh.itjust.works 5 days ago
according to recent findings, it is.
victorz@lemmy.world 5 days ago
But the findings were patched before it was even published from my understanding?
WhyJiffie@sh.itjust.works 5 days ago
not all of them, and some changes only apply to new passwords saved: lemmy.ml/comment/24008121