I'm sure there are many small and maybe large differences on a technical level, but I cant speak to that with confidence.Password vault vendor accused of making a hash of encryption Like Lastpass Bitwarden uses E2E encryption, encryption happens on your device and the people with access to the Bitwarden servers cannot access the contents of your vault, whether those people are bitwarden employees, hackers, or law enforcement doesnt matter, they have no access, and your vault is secure so long as you use a sufficiently complex password. Bitwarden encrypts all fields of the vault While online password managers share much of the same attack surface, there are meaningful differences between Lastpass, Bitwarden, 1password, etc. That said not all password managers of a certain category are created equal. And the more popular a service becomes the more of a target it will be. In my opinion this is naive and unconstructive.Īll online password managers (any any offline password managers where users manually host or backup encrypted password vaults in the cloud) will share some of the same vulnerabilities and attack surface.
No matter how secure the password manager is, you will still be hack if your password is "password123".Ī lot of people here act like Bitwarden has none of the same vulnerability that Lastpass had and it was only due to mismanagement or poor practices. When you use Bitwarden, make sure you create a really long and strong master password and use 2FA that is at least TOTP. Password manager is only as strong as its owner. The idea is that even if hackers can see how bitwarden works, they can't use the knowledge to hack it. Bitwarden's source code is open source so everyone can see the code already. One fear from the LastPass hack is that the hackers stole the source code and the hackers will find vulnerabilities in the code. The reason why you don't want to do this is because encryption is a result of tons of research, reinventing the wheel means you are creating a possibly weaker version. Bitwarden supposedly encrypt all of the fields except the ones that is needed to id the item.Īnother issue is that LastPass appears to be using its own version of AES, the same security expert that reported this indicated that Bitwarden appears to not have this issue.
One issue with LastPass is that they were not encrypting as many fields as expected. Hopefully they are using hardware keys for 2FA, which foiled the same group that hack LastPass.
I am hoping that Bitwarden's security is better than LastPass. Yes, someone could hack Bitwarden and make off with the vault.
0 kommentar(er)
