Hackers have stolen $4.4 million in cryptocurrency on October 25th using private keys and passphrases stored in stolen LastPass databases, according to research by crypto fraud researchers who have been researching similar incidents.
  • sugar_in_your_tea
    3·
    1 year ago

    Another reminder to not put all your eggs in one basket. Maybe this will convince me to self-host my password manager.

    • ALERTEnglish
      7·
      1 year ago

      vaultwarden is perfect. go ahead and host it!

    • Tail
      4·
      1 year ago

      Better yet keep it all offline

      • sugar_in_your_tea
        2·
        1 year ago

        Nah, the UX of a browser extension is really nice, especially since it seamlessly syncs between my phone, work computer, personal laptop, and personal desktop.

        That said, I would never put cryptocurrency keys in the cloud, that stays offline. But bank accounts have insurance and most other important services have MFA, so just moving my passwords to a self-hosted server is good enough for me.

      • folkrav@lemmy.ca
        1·
        1 year ago

        I’m not too sure that the relative additional security, considering most people’s threat models, really justifies this much inconvenience. YMMV I guess.

    • spaghettiwestern
      4·
      1 year ago

      In 2015 when Lastpass was purchased by Logmein was what convinced me to move to Keepass and ultimately KeepassXC. Syncthing on Linux, Android and Windows, a complex password and separate key file provide multiple layers of security. It works reliably and provides easy access to login information on any device.

      • sugar_in_your_tea
        4·
        1 year ago

        I’ll have to look at it again, but the last time I did, the inconvenience of it not being integrated with my browser kept me away. Bitwarden has been audited, is open source, and can be self hosted.

        • spaghettiwestern
          3·
          1 year ago

          KeepassXC has a browser addon that works well for most sites, but I don’t think you can go wrong with Bitwarden either.

          • sugar_in_your_tea
            1·
            1 year ago

            I’ll have to look into it again.

            Is there anything for Android autofill in apps? It’s not a deal breaker, just nice to have.

            • decisivelyhoodnoises
              3·
              1 year ago

              Keepassxc has a keyboard which you can change to and it fills fields without typing (you need to type your master password though)

              • sugar_in_your_tea
                1·
                1 year ago

                Does it stay unlocked for a while (say, an hour or so)? If so, that’s absolutely an option. I use a very long password, so having to do it every time would be extremely tedious.

            • spaghettiwestern
              2·
              1 year ago

              There is, but I can’t tell you anything except that it exists. I use passwords so infrequently on Android that I’ve never bothered with it.