according to recent findings, it is.
Comment on Password managers are less secure than promised
victorz@lemmy.world 1 month agoSo by that logic BitWarden is unsafe?
WhyJiffie@sh.itjust.works 1 month ago
victorz@lemmy.world 1 month ago
But the findings were patched before it was even published from my understanding?
WhyJiffie@sh.itjust.works 1 month ago
not all of them, and some changes only apply to new passwords saved: lemmy.ml/comment/24008121
unexposedhazard@discuss.tchncs.de 1 month ago
Yes, if you arent self hosting the web interface or using the desktop client.
victorz@lemmy.world 1 month ago
But these issues were patched before even publishing the findings, right?
unexposedhazard@discuss.tchncs.de 1 month ago
There is no way to patch this. Its an inherent flaw of delivering client software through a web browser. If the entire client is delivered as a web page from a server you dont control, then that server can modify the software however it pleases.
victorz@lemmy.world 1 month ago
This feels a bit extreme though. Can you even trust anything online at that point? Do you also never leave your home carrying your wallet in case someone might rob you?
BennyTheExplorer@lemmy.world 1 month ago
This comment shows that you know less about computers, than you may think. You can definetly make end to end encryption work using a Website. JavaScript runs client side. So as long as you trust the encryption algorithm (which in elements case you definetly can, because it is OSS), the encryption is safe and your unencrypted data never leaves the device.