ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Password Managers

    Scheduled Pinned Locked Moved IT Discussion
    36 Posts 17 Posters 3.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • scottalanmillerS
      scottalanmiller @Dashrender
      last edited by

      @dashrender said in Password Managers:

      @jasgot said in Password Managers:

      @rojoloco said in Password Managers:

      @eddiejennings said in Password Managers:

      I was a LastPass customer to turned to BitWarden.

      BitWarden here too, still trying to get management buy in to deploy it for everyone.

      @eddiejennings said in Password Managers:

      I was a LastPass customer to turned to BitWarden.

      I'm trying to wrap my head around the idea of my passwords being stored on someone else's storage; in the cloud.

      How do you reconcile this? What specifically makes you think it is safe to do so?

      I have been avoiding password managers for years because I simply don't trust other people or organizations with my passwords. But I am finding the sheer number of password I have -- to be getting too cumbersome to manage; so I am considering it again.

      LastPass was does all the work locally only. Only the encrypted blob and your email address is stored on their system.

      That's normal. I don't know anyone who does it otherwise, that's considered base functionality to be considered a viable password manager.

      1 Reply Last reply Reply Quote 1
      • ObsolesceO
        Obsolesce
        last edited by

        Still using LastPass Families. Works well for us, no reason to switch to something else.

        1 Reply Last reply Reply Quote 1
        • 1
          1337 @scottalanmiller
          last edited by 1337

          @scottalanmiller said in Password Managers:

          You are asking them to store the ENCRYPTED data of your passwords. You don't have to trust anyone. You should still use a vendor you trust, of course, but there's no need for trust. That's the point.

          If you use an online password manager or anything not open source you still have to trust them.

          Because you don't know what they do with your master password, encryption keys and other things.

          Lastpass for example have passed security audits but still have had multiple breaches. There also have been examples of malicious browser extensions grabbing passwords.

          As with anything, "safe" doesn't really mean safe, it means a little bit safe. And often safe enough - depending on what you are protecting.

          ObsolesceO JaredBuschJ 2 Replies Last reply Reply Quote 0
          • ObsolesceO
            Obsolesce @1337
            last edited by

            @pete-s said in Password Managers:

            Because you don't know what they do with your master password, encryption keys and other things.

            Last I seen, LastPass doesn't have your master password.

            LP stores a hash of your email address and master password on your computer (not its servers), which it uses as an encryption key to encode your log-in details for other sites (with a 256-bit AES cypher), before storing them on its servers.

            They don't know your details or encryption key, so create a unique ID token for you by hashing your password and local encryption key together. That ID token is then hashed with a random number when you create your account.

            1 1 Reply Last reply Reply Quote 0
            • 1
              1337 @Obsolesce
              last edited by 1337

              @obsolesce said in Password Managers:

              Last I seen

              So you have validated their source code? Or did you read it from their webpage?

              Just to be clear, I'm not saying Lastpass doesn't do what they say they do. I only state that you don't know.

              I'm sure their intensions are good but software is not perfect. That why there are plenty of vulnerabilities and bugs in everything.

              ObsolesceO 1 Reply Last reply Reply Quote 0
              • ObsolesceO
                Obsolesce @1337
                last edited by

                @pete-s said in Password Managers:

                That why there are plenty of vulnerabilities and bugs in everything.

                You can't take from them something they don't have...

                1 Reply Last reply Reply Quote 0
                • JaredBuschJ
                  JaredBusch @1337
                  last edited by

                  @pete-s said in Password Managers:

                  If you use an online password manager or anything not open source you still have to trust them.

                  You still have to simply trust open source.

                  Can you read all the code and know that their encryption is valid? That there are no exploitable bugs?

                  1 1 Reply Last reply Reply Quote 4
                  • 1
                    1337 @JaredBusch
                    last edited by 1337

                    @jaredbusch said in Password Managers:

                    @pete-s said in Password Managers:

                    If you use an online password manager or anything not open source you still have to trust them.

                    You still have to simply trust open source.

                    Can you read all the code and know that their encryption is valid? That there are no exploitable bugs?

                    True, but it a lot easier to put more trust in something that is completely transparent and can be verified by independent sources.

                    1 Reply Last reply Reply Quote 0
                    • EddieJenningsE
                      EddieJennings
                      last edited by

                      For what it's worth: https://github.com/bitwarden

                      scottalanmillerS 1 Reply Last reply Reply Quote 2
                      • scottalanmillerS
                        scottalanmiller @EddieJennings
                        last edited by

                        @eddiejennings said in Password Managers:

                        For what it's worth: https://github.com/bitwarden

                        Yeah, that's what makes it my top choice today, I think.

                        1 Reply Last reply Reply Quote 0
                        • K
                          krzykat
                          last edited by

                          People that are using bitwarden, are you self-hosting?

                          black3dynamiteB V scottalanmillerS 3 Replies Last reply Reply Quote 0
                          • black3dynamiteB
                            black3dynamite @krzykat
                            last edited by

                            @krzykat said in Password Managers:

                            People that are using bitwarden, are you self-hosting?

                            No

                            1 Reply Last reply Reply Quote 0
                            • V
                              VoIP_n00b @krzykat
                              last edited by

                              @krzykat no

                              1 Reply Last reply Reply Quote 0
                              • scottalanmillerS
                                scottalanmiller @krzykat
                                last edited by

                                @krzykat said in Password Managers:

                                People that are using bitwarden, are you self-hosting?

                                No, but it is on our radar to consider soon as we keep growing and it becomes more important, and more cost effective, once you get to any size.

                                1 Reply Last reply Reply Quote 1
                                • jt1001001J
                                  jt1001001
                                  last edited by

                                  New gig is using Bitwarden, converting from Zoho Vault

                                  1 1 Reply Last reply Reply Quote 1
                                  • 1
                                    1337 @jt1001001
                                    last edited by

                                    @jt1001001 said in Password Managers:

                                    New gig is using Bitwarden, converting from Zoho Vault

                                    Interesting. Is it self-hosted? Do you know the reason for the move?

                                    jt1001001J 1 Reply Last reply Reply Quote 0
                                    • dafyreD
                                      dafyre
                                      last edited by

                                      Yet another +1 for using Bitwarden and not self-hosting. I actually did self-host it for a bit a couple of years ago, but changed my mind and moved to their hosted service.

                                      1 Reply Last reply Reply Quote 0
                                      • jt1001001J
                                        jt1001001 @1337
                                        last edited by

                                        @Pete-S I have no idea why they moved. I guess the higher ups want to migrate? Cost I think is about the same. We are not self hosted only 15 users so far

                                        1 Reply Last reply Reply Quote 1
                                        • jclambertJ
                                          jclambert
                                          last edited by

                                          Bitwarden for home, and Dashlane at work currently

                                          1 Reply Last reply Reply Quote 0
                                          • J
                                            JasGot
                                            last edited by

                                            So I have been using BitWarden since this conversation started. I have to say I like it. I think I am ready to remove all the saved passwords from Edge and Chrome. Would this be the next step?
                                            It's a wee bit scary. But BitWarden does claim to have the same number of passwords as my Edge and Chrome, and the BitWarden password tool is working! 🙂

                                            dafyreD 1 Reply Last reply Reply Quote 1
                                            • 1
                                            • 2
                                            • 2 / 2
                                            • First post
                                              Last post