this post was submitted on 28 Sep 2023
2220 points (98.1% liked)
Memes
45661 readers
1712 users here now
Rules:
- Be civil and nice.
- Try not to excessively repost, as a rule of thumb, wait at least 2 months to do it if you have to.
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
All vault data has been stolen in the past, and while the data is encrypted, apparently the encryption is not strong enough and there are reports that some of the vault has been decrypted by hackers: https://krebsonsecurity.com/2023/09/experts-fear-crooks-are-cracking-keys-stolen-in-lastpass-breach/
Which you recommend then?
using passwords you can remember instead of An8sdfd8h4indf!id8 just because it's harder to brute force
Passwords you can remember is a problem if you have multiple sites.
While I love XKCDs HorseBatteryStaplerOkay! strategy... that works well for 4-5 passwords, if you have 20+ passwords you'll pretty much wind up re-using, and if it turns out one of the 20 sites had garbage protection and gets fully hacked, any sites you used the same is also going to be vulnerable.
Personally still gotta say go with keepass or bitwarden (selfhosted if possible).