this post was submitted on 19 Jul 2025
403 points (92.1% liked)

Technology

72957 readers
2988 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
L4s@hackingne.ws
403
Password manager by Amazon (lemmy.world)
submitted 1 day ago by kokesh@lemmy.world to c/technology@lemmy.world
126 comments fedilink hide all child comments
 
you are viewing a single comment's thread
view the rest of the comments
[–] tabular@lemmy.world 6 points 21 hours ago (2 children)

I've not found anything better. Storing on my computer, or worse someone else's computer, doesn't seem safe.

[–] bdonvr@thelemmy.club 11 points 20 hours ago (2 children)

It's pretty safe. Competent password managers will be heavily encrypted. Having your passwords hacked is essentially unheard of. You don't have to worry about it being on someone else's computer as without your master password the password file is useless.

I think the biggest case was LastPass, and they did it by getting a keylogger onto a developers PC to get at their password, but afaik customer passwords were safe unless your master password was weak or reused from a breached one.

But, a notebook isn't hackable at all. But then the people around you could potentially get into it, which is a far more likely threat for a ton of people.

Either way use 2FA at every site that will allow it.

[–] greybeard@feddit.online 3 points 17 hours ago

LastPass's biggest problem was that they were almost the first in the game, and mistakes/choices they made 20 years ago bit them hard when they got hacked.

There were two major issues with LastPass's security model:

  1. Non-Password data wasn't encrypted. So usernames and urls were visible by the people who stole the vaults.
  2. Passwords were encrypted with a number of iterations based on when the account was created, so older accounts were only run through a single iteration. The iteration process makes it much harder to guess the master password(by making it take a longer time). So single iteration makes it pretty quick to guess the password.

So with flaw 1 you could see what vaults might have valuable passwords like banks and crypto wallets. And with flaw 2 you could reasonably quickly break into the vaults of long time users.

So aside from their lax security allowing the compromise to happen in the first place (Nothing is fool proof), they weren't providing the level of protection most people assumed.

More modern password managers like BitWarden fixed those problem a long time ago.

[–] tabular@lemmy.world 3 points 20 hours ago

One master password to rule them all, One server to find them, One password to bring them all, and in the darkness bind them.

Yeah I use 2FA with the master notebook.

[–] Bonesince1997@lemmy.world 3 points 21 hours ago

The trick is to use code language, and don't forget the code. Then you can use digital sources more freely, I feel.