257
Why the ‘mother of all breaches’ is a wake up call for everyone
(www.itpro.com)
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 23 Jan 2024
257 points (93.3% liked)
Technology
57226 readers
4322 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
Definitely recommend a password vault to anyone that doesn't already use one. After this next hack leaks, I imagine you'll get at least a couple of attempts on your email/phone.
I had an identity theft a few years back, still cleaning up from it. At the time I had the typical set of standard passwords that I would use. I thought they were ok since they were pretty random but I had one for Financial, one for Web Services, etc. so of course when the creds leaked, I suddenly had a bunch of credit card bills I never signed up for..
Since then, every password is unique, my default is 31 characters, and 2-factor for everything possible. Unfortunately I initially settled on LastPass, figured that they had hopefully learned their lesson from their breach years ago. Then it happened again recently and I moved to Bitwarden so that I can eventually migrate to a self-hosted solution.
I've been trying to get my family on board for years but it's still too complex. Non-technical folk still will take the path of least resistance, even when the dangers are right in front of their face. We need something better.
Who do you recommend?
Keepass is probably the most secure, but was a pain for multi device / multi OS users last time I used it.
Currently I use Bitwarden. You can either use their backend or you can self host. Cross platform, multi device support, 2FA support.
I use Keepass with Syncthing as the sync backend. Syncthing comes as a Docker container these days and sets up in seconds, I like how it doesn't rely on a central server and gives you some redundancy.
Also, Keepassxc is a rewrite with better integration, true cross platform support and more features, keepassxc.org
Thoughts on 1Password?
They are okay, but I had massive problems with their browser plugin after a while and moved to bitwarden
I don’t know much about them to be honest, and what little I have heard sounded like it was paid for. My knee jerk reaction is to avoid them. Maybe they’re decent, maybe not. Couldn’t say.