according to recent findings, it is.
Comment on Password managers are less secure than promised
victorz@lemmy.world 3 weeks agoSo by that logic BitWarden is unsafe?
WhyJiffie@sh.itjust.works 3 weeks ago
victorz@lemmy.world 3 weeks ago
But the findings were patched before it was even published from my understanding?
WhyJiffie@sh.itjust.works 3 weeks ago
not all of them, and some changes only apply to new passwords saved: lemmy.ml/comment/24008121
unexposedhazard@discuss.tchncs.de 3 weeks ago
Yes, if you arent self hosting the web interface or using the desktop client.
victorz@lemmy.world 3 weeks ago
But these issues were patched before even publishing the findings, right?
unexposedhazard@discuss.tchncs.de 3 weeks ago
There is no way to patch this. Its an inherent flaw of delivering client software through a web browser. If the entire client is delivered as a web page from a server you dont control, then that server can modify the software however it pleases.
victorz@lemmy.world 3 weeks ago
This feels a bit extreme though. Can you even trust anything online at that point? Do you also never leave your home carrying your wallet in case someone might rob you?
BennyTheExplorer@lemmy.world 3 weeks ago
This comment shows that you know less about computers, than you may think. You can definetly make end to end encryption work using a Website. JavaScript runs client side. So as long as you trust the encryption algorithm (which in elements case you definetly can, because it is OSS), the encryption is safe and your unencrypted data never leaves the device.