Hacker News new | ask | show | jobs
by geofft 2471 days ago
No, for all the major / well-respected password managers (and probably for all the minor ones too), all the crypto is done client-side.

1Password, for instance, has a pretty good security doc about it: https://1password.com/files/1Password%20for%20Teams%20White%...
1 comments
wglb 2471 days ago
It is unclear if LastPass is well-respected, and if I recall correctly, at least at one point, the master key was accessible by the server.
link