according to recent findings, it is.
Comment on Password managers are less secure than promised
victorz@lemmy.world 5 days agoSo by that logic BitWarden is unsafe?
WhyJiffie@sh.itjust.works 5 days ago
victorz@lemmy.world 5 days ago
But the findings were patched before it was even published from my understanding?
WhyJiffie@sh.itjust.works 5 days ago
not all of them, and some changes only apply to new passwords saved: lemmy.ml/comment/24008121
unexposedhazard@discuss.tchncs.de 5 days ago
Yes, if you arent self hosting the web interface or using the desktop client.
victorz@lemmy.world 5 days ago
But these issues were patched before even publishing the findings, right?
unexposedhazard@discuss.tchncs.de 5 days ago
There is no way to patch this. Its an inherent flaw of delivering client software through a web browser. If the entire client is delivered as a web page from a server you dont control, then that server can modify the software however it pleases.
victorz@lemmy.world 5 days ago
This feels a bit extreme though. Can you even trust anything online at that point? Do you also never leave your home carrying your wallet in case someone might rob you?
BennyTheExplorer@lemmy.world 5 days ago
This comment shows that you know less about computers, than you may think. You can definetly make end to end encryption work using a Website. JavaScript runs client side. So as long as you trust the encryption algorithm (which in elements case you definetly can, because it is OSS), the encryption is safe and your unencrypted data never leaves the device.