WolfeReader 6 hours ago

Please use a dedicated password manager, instead of a browser-based one. KeePass is likely the best going forward.

sedatk 6 hours ago | parent | next [-]

@taviso had claimed the exact opposite: https://lock.cmpxchg8b.com/passmgrs.html

EDIT: Yes, he claimed that for online password managers, not keepass. I thought the argument was about password managers in general.

echelon_musk 6 hours ago | parent | next [-]

Where?

> Good examples of simple and safe password managers are keepass and keepassx

WolfeReader 6 hours ago | parent | prev | next [-]

Browser-based password management serves the purpose of locking users into a specific browser; I'd much rather have the freedom to switch browsers at will without the cognitive tax of securely moving all my creds every time I want to switch my main browser.

sedatk 6 hours ago | parent [-]

I agree. It's especially problematic when you use different browsers on different devices and operating systems.

busterarm 6 hours ago | parent | prev [-]

That's not what that is saying. It's saying don't use an _online_ password manager instead of the browser one. In the very opening they state that simple implementations are great and even list some. Then the rest of the article dives specifically into online password managers, which are something else.

sedatk 6 hours ago | parent [-]

You're right. Edited my comment.

75central 6 hours ago | parent | prev | next [-]

Out of curiosity, why KeePass versus Bitwarden? I've been using Bitwarden for years, but if there's a specific reason I should be using KeePass instead, I'm open to changing.

dcanelhas 6 hours ago | parent | next [-]

KeePass is just an encrypted database file with a UI around it for usability. You can keep the db on a USB drive, sync it through cloud storage, e-mail it to yourself, whatever ... It's really not that complicated. Bitwarden is the above as a service, I reckon.

N.B. The above refers to KeePassX. No idea what the KeePass without the x is about. Naming things. So hard.

kelvinjps10 5 hours ago | parent | prev | next [-]

Bitwarden is cloud based, KeePass is local.

justsomehnguy 4 hours ago | parent | prev | next [-]

It's a program with a file database.

No fancy browser plugins, the ability to autotype, the db file could be synced with anything you can sync files.

Working search: not sure about BW, but its open-source implementation (Vaultwarden nowadays?) simply didn't allow searching for fields you hadn't scrolled to yet.

The biggest problem is the lack of multi-edit functionality; you need to keep that in mind if you leave a copy running somewhere 24/7.

WolfeReader 6 hours ago | parent | prev [-]

Bitwarden has taken investor money, sadly. It's still in good shape for the moment. But the time will come when they place profits above other needs; it's a matter of when, not if.

jazzyjackson 5 hours ago | parent [-]

Luckily, offering enterprise / credential sharing features is a decent freemium model. It still wins out in keeping compatibility with self-hosted Vaultwarden; are there other extensions that let you point to your own domain for the encrypted blob storage?

Someone1234 6 hours ago | parent | prev [-]

If it is a process, running in the same user context, with the ability to read/dump arbitrary memory -- as the KeePass database is decrypted, it would "store all passwords in memory in plain text" too.

The fix isn't Edge vs. Chrome vs. KeePass vs. Bitwarden, it is "How do I have my passwords exist in a different execution context than [evil process able to read all memory]?"

Android and iOS have an "answer" to this problem. Desktop OSes, with all processes running side by side in the user's execution context, do not. It is only as secure as the least secure process running.

jazzyjackson 5 hours ago | parent | next [-]

Windows 11* and macOS also do the job as long as you're using hardware-bound passkeys.

* I don't want to speak past my own experience so checking my work, Windows can store passkeys in a TPM if available but falls back to storing on disk... https://helgeklein.com/blog/checking-windows-hello-for-busin...

xaduha 3 hours ago | parent [-]

I was looking for an answer to this when it comes to using the Edge password manager in particular. It uses Windows Hello as far as I know, and while it does make 'synced' passkeys, they don't seem to be usable anywhere other than the original machine. Useful when reinstalling Windows at least.

https://yourpasskeyisweak.com does not mention Edge.

WolfeReader 6 hours ago | parent | prev | next [-]

This makes me miss running Qubes a few years ago, and keeping Bitwarden in a separate VM from everything else. I've never felt as secure as when I had that setup.

dist-epoch 4 hours ago | parent | prev | next [-]

Windows already has a secure kernel credential store; they could move the Edge password store there with a bit of effort, minimizing the splash damage when you retrieve a single password to send over HTTP from the regular user space.

> Credential Guard prevents credential theft attacks by protecting NTLM password hashes, Kerberos Ticket Granting Tickets (TGTs), and credentials stored by applications as domain credentials.

> Credential Guard uses Virtualization-based security (VBS) to isolate secrets so that only privileged system software can access them.

https://learn.microsoft.com/en-us/windows/security/identity-...

wat10000 6 hours ago | parent | prev [-]

I'm pretty sure macOS is more like iOS in this respect. At the very least, the passwords are typically secured biometrically and only the one being used is actually decrypted at the time of use.
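As an added illustration of the point made in this subthread (Someone1234 above, on decrypted passwords sitting in process memory, and wat10000 on decrypting only the entry in use), here is a small Python sketch that is not from any commenter and is not KeePass's or Bitwarden's code. It is a toy vault that keeps every entry encrypted and decrypts a single entry into a wipeable bytearray for the duration of a `with` block, then overwrites it. The cipher is a constructed BLAKE2b-keystream XOR for illustration only, and the entry names and passwords are made up. As the thread says, this does not defeat a same-context process that can read memory; it only shrinks what such a process finds at any instant.

```python
# Added example (not from the thread): a toy vault that keeps the whole
# database in memory only as ciphertext and decrypts exactly one entry,
# into a wipeable bytearray, for the duration of a `with` block.
import hashlib
import secrets
from contextlib import contextmanager


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream: BLAKE2b keyed hash over a counter. Illustration only,
    not a real cipher and not the KDBX format."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        h = hashlib.blake2b(key=key, digest_size=64)
        h.update(nonce + counter.to_bytes(8, "big"))
        out += h.digest()
        counter += 1
    return bytes(out[:length])


def _xor(data: bytes, stream: bytes) -> bytearray:
    # Returns a bytearray (mutable) so the caller can overwrite it later.
    return bytearray(a ^ b for a, b in zip(data, stream))


class ToyVault:
    """Entries are stored only as (nonce, ciphertext). The master key is the
    one long-lived secret; an entry's plaintext exists only inside open_entry()."""

    def __init__(self, master_key: bytes):
        self._key = master_key  # assumed: 32 random bytes from the caller
        self._entries: dict[str, tuple[bytes, bytes]] = {}

    def add(self, name: str, password: bytes) -> None:
        nonce = secrets.token_bytes(16)  # fresh nonce per entry
        ct = bytes(_xor(password, _keystream(self._key, nonce, len(password))))
        self._entries[name] = (nonce, ct)

    def names(self) -> list[str]:
        # Metadata can be listed without decrypting anything.
        return list(self._entries)

    @contextmanager
    def open_entry(self, name: str):
        nonce, ct = self._entries[name]
        buf = _xor(ct, _keystream(self._key, nonce, len(ct)))
        try:
            yield buf  # the only plaintext copy this vault creates
        finally:
            # bytearray is mutable: overwrite in place so the plaintext does not
            # linger in this object's backing store. A str or bytes copy made by
            # the caller could not be wiped this way, so hand out the bytearray.
            buf[:] = bytes(len(buf))


if __name__ == "__main__":
    vault = ToyVault(secrets.token_bytes(32))
    vault.add("mail", b"hunter2")        # constructed sample entry
    vault.add("bank", b"correct horse")  # constructed sample entry
    with vault.open_entry("mail") as pw:
        print("using", bytes(pw))
    print("after use:", bytes(pw))       # all zero bytes
```

The design point is that the decrypted window is one entry wide and closes when the block exits; everything else in the process stays ciphertext plus the master key, which is the best a single-context desktop process can do without the separate execution context discussed above.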