In November 2022, the password manager service LastPass disclosed a breach in which hackers stole password vaults containing both encrypted and plaintext data for more than 25 million users. Since then, a steady trickle of six-figure cryptocurrency heists targeting security-conscious…

  • Xavier
    link
    fedilink
    English
    arrow-up
    4
    arrow-down
    11
    ·
    1 year ago

    These online password manager services are all half-baked scams that get away scot-free in any event of a breach (whichever the ones they just cannot silently hide away).

    Only when/if they offer a minimum compensation backed by third party reputable Surety Insurance of at least US$5000 for every single breach for each compromised password/key/wallet/service for each effected customers would I even consider take a gander at their “unbreakable/unhackable” password manager service.

    Until such a day arrives, I will continue to use FIDO2 hardware keys (Yubikey), asymmetric certificate pairs (gpg2, SSH, TLS, etc…) and the good old remember all my darn long passwords in my brain for symmetric ciphers (rjindael, serpent, chacha20, etc…) with the added help of Argon2id whenever implemented/available.

    I sure hope companies becomes financially liable and accountable for all their privacy/security breaches unlike the last few decades of no consequence or just getting away with a negotiable fine.