I believe Proton Pass does not have the design flaws shown in the article. For instance, if you lose your password, you lose your data. Your data is encrypted and decrypted on your device.
Comment on Password managers are less secure than promised
eatsnutellawivaspoon@feddit.uk 4 weeks ago
I use one of the password managers mentioned in the article, purely for the convenience of apps on all my devices, syncing and complex individual passwords. Should I be looking to move to self hosting something instead? Would my host (likely a synology Nas or raspberry pi) not then have the same risks?
iglou@programming.dev 4 weeks ago
cmhe@lemmy.world 4 weeks ago
This is what all the listed password manager claim.
cmhe@lemmy.world 4 weeks ago
Security through layers. The flaws are about compromised server, so hosting your own server is a good first step. Next step is making the server only accessible via your own VPN. And of course hardening the server.
cevn@lemmy.world 4 weeks ago
I self host via vault warden. And I have it locked behind tailscale vpn. Aside from your server itself getting hacked, which is a risk, this is more secure than having passwords on the public internet.
eatsnutellawivaspoon@feddit.uk 4 weeks ago
I host a pi hole via diet pi already, vault warden is packaged for diet pi already, project for the weekend!
cevn@lemmy.world 4 weeks ago
Love the raspis, just make sure the passwords are not stored on the sd card because those fail all the time hah.
eatsnutellawivaspoon@feddit.uk 4 weeks ago
Good shout! Easy to mount a folder from my Nas on it though