What happens if a password manager gets compromised? Or if it gets shut down?

If it's Master Password, nothing changes.

don't worry that won't happen tee hee

The company sells off any assets to make a quick buck while getting off scot-free and the only people who are blamed are the people who got fucked by a lying company and lost everything.

>every crypto company

>What happens if a password manager gets compromised?
Your passwords should be stored encrypted, so without your master password you're still safe. And these online services make it simple to change your passwords on all accounts you have registered on them.
>Or if it gets shut down?
This is mostly why I use an offline password manager. If my computer is compromised then my password manager will be too, whether it is online (like LastPass) or offline (like KeePass), so I may as well just keep my passwords offline where I have control of them.

>'company shuts down'
>Most crypto are decentralised
I don't think you understand how crypto works.

Crypto being decentralised doesn't make it worth something when the company behind it falls over.
Especially if it is not a giant in the first place. You think BAT will be worth anything if Brave collapses?

Depends on the password manager. If it's some everything-as-a service proprietary software thing, you can't know if your passwords are safe or will stay safe.

If you use "pass" or some such on your own, you only need to worry about your master password encryption becoming unsafe.

I just use a text file that I encrypt and decrypt manually. Literally no reason to fall for the manager meme. Reminder that you can still be tortured for your manager's password, but you can't be tortured to teach the attackers how to use gpg via command line.

>but you can't be tortured to teach the attackers how to use gpg via command line.
Sure you can.

No. You literally couldn't teach most people how to use a CLI if you were being paid to. Let alone under torture.

No, these are better:
passwordstore.org/
Or the implementation I use:
github.com/gopasspw/gopass

Among other reasons, it's the management of these passwords between devices, browser plugin to access the passwords, and so on.

>between devices
If you use your passwords anywhere other than in your main computer, you're doing it wrong.
>browser plugin
If you're using any browser plugins other than an ad blocker, you're wrong as well. Even for using a browser that supports ads and plugins in the first place, you're already kinda wrong.

Most people can operate a keyboard and they don't need to become proficient at it. All they need is to decrypt it once.

How can keepass get compromised or shut down?

I'm sure you can exhaustively justify this beyond "it feels unsafe".

You think your main computer has better cryptography than your laptop or smartphone where you also need to, for example, access email, your work VPN or online grocery shopping or whatever? (If you need moar security, use a second authentication factor - some yubikey or something).

>If you're using any browser plugins other than an ad blocker, you're wrong as well.
Nonsense. It's simply the case that your self-made solution probably doesn't hold up to the simple and efficient pass or gopass.

Keepass could get compromised but it's not nearly as likely to stay undetected as some networked proprietary software like lastpass becoming compromised.

Just use keepassxc instead

I'm pretty sure lastpass functions offline, so if they shut down just export your vault to csv and move on.
Bitwarden I know does for sure, and unlike lastpass they don't have a master password reset function, and it is FOSS.

keepass or selfhost bitwarden

imagine storing your passwords on someone else's computer

Never use a web service for this. Never upload your password database to any sort of "cloud." Use locally installed password managers like KeePass or something. Bite the bullet and understand that syncing the password database between devices will be a pain, but that's inherently what security is - trading convenience for being more secure.

God tier is writing passwords on a notepad you keep in a locked desk drawer. Ain't nobody on the internet hacking that.

>Most people can operate a keyboard and they don't need to become proficient at it
you'd be surprised

>using the same pass for everything, even priceless important corporate source code

not gonna make it

have you not been paying attention to the huge numbers of crypto companies that shut down and screwed everybody? all the high profile exchanges that stole billions?

mfw I use LastPass and nothing will ever happen to me and Jow Forums has to cope

all online services get hacked/compromised/fucked. it's only a matter of time. print this post out, tape it to your wall and read it again in a year.

>not just using KeepassXC
Your own fault. Just upload the database file to Google Drive if you want to simulate cloud sync.

>not tattooing your passwords on the inside of your eye