>1. their servers only purpose is to sync encrypted data between your devices, all decryption happens locally
But I can access the web vault from any device. Just need my masterpass. How does this work?
But if I can access the vault from any device, local decryption is kinda pointless. If someone keylogs my master password it's over. If it would be device dependant, it would be more secure.
1 month ago
Anonymous
>If someone keylogs my master password it's over
that's why you use 2FA, which bitwarden supports multiple forms of
A lot of security dudebros absolutely love this slop, but I think it's just placebo. It's in no way superior to just creating a relatively complex password of different Words, upper/lower cases, numbers, and %!$@# symbols and writing it down on a real life paper and then using per need. You can also have systematic passwords that don't require you to look at paper every time you need to use them, like for example.
J0hn@Service*(Dateofbirth+Favorite three numbers)^!
Shit like this is easy to remember if you are not an ape and you can easily login to anything without relying on some application or online slop. But people in general are way too paranoid, you are more likely to lose your desktop computer to your house burning down because you forgot to turn off your stove than you will because of gloweys or le hacker boogeyman. Hacking is dead in 2024, if you have Firefox+uBO/Brave and practice basic online hygiene you will literally never have any interactions with malware or spyware. Only hacks that work nowadays are socially engineered and rely on human error and real life interraction
data breaches never happen. name one time it happened to you in the last 10 years. >dude it happened i saw it on the news
yeah the news that said everyone will drop dead from covid and that putin will start a nuclear war
Why would I put any mental effort into generating/writting down/remembering passwords if I can use a program that does it for me?
because as i said if you are not a brainlet using your brain to remember systematic passwords is not difficult, programs are inconvenient because they add another layer you have to keep up with for no reason
>data breaches never happen. name one time it happened to you in the last 10 years.
AT&T announced a data breach less than a month ago that affected 70 million people
1 month ago
Anonymous
psyop, didnt happen
hi moron, dont you mean m!dw1t#
posting on IQfy as underage is not allowed. refer to faq and lurk moar
1 month ago
Anonymous
hi moron, dont you mean
p0571n6 0n 4ch4n 45 und3r463 15 n07 4ll0w3d. r3f3r 70 f4q 4nd lurk m04r
its 2024, you wouldnt ever find one, and if you did it'd have 2fa so you wouldn't be able to do anything and master password of email is always different from rest of signup sites. you are coping that your password manager system is flawed and a waste of time
If its so secure write them down in this thread moronino
1 month ago
Anonymous
>dude................. if its secure you should give me your passwords and emails and phone number and bank account.........
never mind, calling you password manager homosexuals midwits was an overestimation. i fricking kneel moron bros
1 month ago
Anonymous
you are glowing so hard spreading malicious advices you should kys israelite, I pointed a critical issue to your mechanism but you are shilling so kys
1 month ago
Anonymous
>its da glooooooooooooooooooooowies
cope and seethe brainlet, you are just having a hard time facing reality with realizing your entire security schizo system is not logical and at this point just a matter of cost sunk fallacy and outside influences
1 month ago
Anonymous
aight j0hn@JIDF^(B1gBl4ckC0ck'33)
cool story
1 month ago
Anonymous
i accept your concession sonny, have a good long coping session before sleep alright kiddo? surely the ecelebs you worship didnt get you to consoooooooooooooooom product like password manager thats objectively worthless... no u made that decision because its hecking logical... surely!
That's right. Absolutely every service salts and hashes passwords, and ensures no cleartext passwords don't end up in logs, and sim swapping is a solved issue since every service allows authenticator apps like my banks that love sms.
>its 2024, you wouldnt ever find one,
Kek. Its funny that you assume your password will never be leaked, but yet you're against using a password manager because... reasons?
Wouldn't the same logic apply to the master password of your vault?
>J0hn@doordash*04161972666 gets leaked >hacker tries using J0hn@facebook*04161972666 to log into John's facebook >hacker tries using J0hn@google*04161972666 to log into John's google
dumbass
password management solutions: >KeePass >pass (passwordstore.org)
password syncing solutions: >Syncthing >rsync + ssh >copying your passwords file manually
I'm sure the BitWarden team puts their best effort into syncing passwords securely, but I'd rather not trust another service. It's like using Proton or Tutanota when you could use any other email service (or host your own email server) and encrypt with PGP.
1. their servers only purpose is to sync encrypted data between your devices, all decryption happens locally
2. you can self host if you want to
>1. their servers only purpose is to sync encrypted data between your devices, all decryption happens locally
But I can access the web vault from any device. Just need my masterpass. How does this work?
web vault works the same as any other application
But if I can access the vault from any device, local decryption is kinda pointless. If someone keylogs my master password it's over. If it would be device dependant, it would be more secure.
>If someone keylogs my master password it's over
that's why you use 2FA, which bitwarden supports multiple forms of
buy an ad
Yes. Write down your password on paper, encrypted in a way that only you can understand.
use the vaultwarden version and self-host
A lot of security dudebros absolutely love this slop, but I think it's just placebo. It's in no way superior to just creating a relatively complex password of different Words, upper/lower cases, numbers, and %!$@# symbols and writing it down on a real life paper and then using per need. You can also have systematic passwords that don't require you to look at paper every time you need to use them, like for example.
J0hn@Service*(Dateofbirth+Favorite three numbers)^!
Shit like this is easy to remember if you are not an ape and you can easily login to anything without relying on some application or online slop. But people in general are way too paranoid, you are more likely to lose your desktop computer to your house burning down because you forgot to turn off your stove than you will because of gloweys or le hacker boogeyman. Hacking is dead in 2024, if you have Firefox+uBO/Brave and practice basic online hygiene you will literally never have any interactions with malware or spyware. Only hacks that work nowadays are socially engineered and rely on human error and real life interraction
how is ublock origin gonna protect me from data breaches?
data breaches never happen. name one time it happened to you in the last 10 years.
>dude it happened i saw it on the news
yeah the news that said everyone will drop dead from covid and that putin will start a nuclear war
because as i said if you are not a brainlet using your brain to remember systematic passwords is not difficult, programs are inconvenient because they add another layer you have to keep up with for no reason
>data breaches never happen. name one time it happened to you in the last 10 years.
AT&T announced a data breach less than a month ago that affected 70 million people
psyop, didnt happen
posting on IQfy as underage is not allowed. refer to faq and lurk moar
hi moron, dont you mean
p0571n6 0n 4ch4n 45 und3r463 15 n07 4ll0w3d. r3f3r 70 f4q 4nd lurk m04r
Why would I put any mental effort into generating/writting down/remembering passwords if I can use a program that does it for me?
the third part of your post makes hot
meds NOW
Host it yourself, my current client does
or use something like keepass/restic, only storing the encrypted blobs online
>J0hn@Service*(Dateofbirth+Favorite three numbers)^!
most moronic idea on IQfy this week
midwit
hi moron, dont you mean m!dw1t#
>he doesn't use a 50 character, randomly generated string of alphanumeric text and symbols
just use "password123" at that point
thats not safe doebeithenceforth you should do exactly what i say
>J0hn@Service*(Dateofbirth+Favorite three numbers)^!
Great idea now i can determine all your passwords if one is found
its 2024, you wouldnt ever find one, and if you did it'd have 2fa so you wouldn't be able to do anything and master password of email is always different from rest of signup sites. you are coping that your password manager system is flawed and a waste of time
If its so secure write them down in this thread moronino
>dude................. if its secure you should give me your passwords and emails and phone number and bank account.........
never mind, calling you password manager homosexuals midwits was an overestimation. i fricking kneel moron bros
you are glowing so hard spreading malicious advices you should kys israelite, I pointed a critical issue to your mechanism but you are shilling so kys
>its da glooooooooooooooooooooowies
cope and seethe brainlet, you are just having a hard time facing reality with realizing your entire security schizo system is not logical and at this point just a matter of cost sunk fallacy and outside influences
aight j0hn@JIDF^(B1gBl4ckC0ck'33)
cool story
i accept your concession sonny, have a good long coping session before sleep alright kiddo? surely the ecelebs you worship didnt get you to consoooooooooooooooom product like password manager thats objectively worthless... no u made that decision because its hecking logical... surely!
Holy shit you are a fricking brainlet
The type of moron to roll his own crypto for his own authz
>The type of moron to roll his own crypto for his own authz
Yes, and?
That's right. Absolutely every service salts and hashes passwords, and ensures no cleartext passwords don't end up in logs, and sim swapping is a solved issue since every service allows authenticator apps like my banks that love sms.
>its 2024, you wouldnt ever find one,
Kek. Its funny that you assume your password will never be leaked, but yet you're against using a password manager because... reasons?
Wouldn't the same logic apply to the master password of your vault?
>Not using passkeys
LOL
>passkey
How are passkeys better? What if you lose your device?
https://passkey.org/
You have hardware ones, software ones, bound to your OS, can onboard as many as you want, literally I don't know how one can lock himself out.
Average IT opsec is appalling.
>J0hn@doordash*04161972666 gets leaked
>hacker tries using J0hn@facebook*04161972666 to log into John's facebook
>hacker tries using J0hn@google*04161972666 to log into John's google
dumbass
moron.
>J0hn@Service*(Dateofbirth+Favorite three numbers)^!
>Only hacks that work nowadays are socially engineered
you're not that bright buddy
Just use gnu pass and git
password management solutions:
>KeePass
>pass (passwordstore.org)
password syncing solutions:
>Syncthing
>rsync + ssh
>copying your passwords file manually
I'm sure the BitWarden team puts their best effort into syncing passwords securely, but I'd rather not trust another service. It's like using Proton or Tutanota when you could use any other email service (or host your own email server) and encrypt with PGP.
Just make sure to ratchet so when you're pgp pk inevitably leaks it only impacts the last emails and not every single one ever.
Can I get a quick rundown on racheting?
Encrypt your passwords manually and then store the encrypted text in bitwarden
It's zero-knowledge E2EE, so it's secure enough.
Correct. Being cloudshit, it sucks, glows, is pozzed, etc.
Self-host? Don't bother. At that point, just use pass: https://wiki.archlinux.org/title/Pass
Okay, now show me the management team for whatever services you're using passwords for..I'll wait and see if you produce any non-~~**~~ names
I don't use any services. I just use keepassxc