by n8m8 476 days ago
I have similar gripes, but I still feel like on balance, randomizing passwords across accounts is more important. Selfhost vaultwarden ftw (or not — don’t f*ck it up)

> Selfhost vaultwarden ftw (or not — don’t f*ck it up)

Right. Randomizing passwords doesn’t require centralization.

Truly the chain of decisions that got us here is baffling.

"Use random high entropy passwords for each account"

good

"Store them encrypted"

great

"In a computer publicly available on the internet"

wat

"Under an account that also handles your 2fa tokens"

c'mon now!

If you do e2ee correctly this is a non-issue. See 1Password for one way to do it right.
How is any of this a threat to 1Password E2EE?

The point is if they even have access to my encrypted data, they wouldn't be able to access the plaintext without the key (and yes the passphrase is not sufficient).

This is just lazy scaremongering.

The point you're trying to make is a trivial one: in the absence of errors, there are no problems.

LastPass e2ee was never the problem in the original story either.