Comment on Password managers are less secure than promised
unexposedhazard@discuss.tchncs.de 1 month ago
OMFG can people please fucking go away with this stupid “password managers are worthless” bullshit today. They are exactly as secure as promised, unless you went to the obviously shady ones that use web interfaces. People have been saying this for years, if you want security, keep your password manager offline.
victorz@lemmy.world 1 month ago
So by that logic BitWarden is unsafe?
unexposedhazard@discuss.tchncs.de 1 month ago
Yes, if you arent self hosting the web interface or using the desktop client.
victorz@lemmy.world 1 month ago
But these issues were patched before even publishing the findings, right?
unexposedhazard@discuss.tchncs.de 1 month ago
There is no way to patch this. Its an inherent flaw of delivering client software through a web browser. If the entire client is delivered as a web page from a server you dont control, then that server can modify the software however it pleases.
WhyJiffie@sh.itjust.works 1 month ago
according to recent findings, it is.
victorz@lemmy.world 1 month ago
But the findings were patched before it was even published from my understanding?
WhyJiffie@sh.itjust.works 1 month ago
not all of them, and some changes only apply to new passwords saved: lemmy.ml/comment/24008121