Comment

Comment on Password managers are less secure than promised

They did gove some advice. They said to go with a vendor that is transparent about problems and reveals the results of their third party security audits. I’m sure if you read between the lines it means they likely reviewed several vendors and chose to spend their time attacking ones that are opaque about their security stance and used outdated encryption or bad implementations of E2E encryption. So all three are likely suspect. Like if 1Password were developed similarly to LastPass wouldn’t they have spent time attacking it?

source

Sort:hotnew top

jjlinux@lemmy.zip ⁨17⁩ ⁨hours⁩ ago
About 1password publishing their pentesting results. Why put it behind a ‘give me your email address’ wall?

Image

That alone is enough for me to instantly disregard them as an option.

source
Appoxo@lemmy.dbzer0.com ⁨19⁩ ⁨hours⁩ ago
Bitwarden did so too.

But IMO your assumption is a bit of interpreting bad/malicious faith into it.
I see it more like they are the more publicly known brands/services that do this and underwent the audit.
I have read the TLDR by the authors (linked a few times in the comments) and the answer by bitwarden.
Bitwarden said the, fixed the issue, are in the progress of doing it or are accepting it as “this is intended/a trade-off”.
What is a bit sad is that they had more vulnerabilities than other vendors. But I trust them more as they are mostly OSS.

source