Thanks, smartass. This wouldn't have been a problem to this degree if their product matched up to their promise and the whole vault was actually encrypted.
I willingly accepted the dox risk of personally identifiable data because they were transparent that they maintained this and hence this would leak. I would never have used their service if I had known website URLs were unencrypted.
Don't trust people you don't know with your secrets... why do you even think they encrypt anything (trust?)? In the real world you would never be that ignorant, right?
If you’re being so cocky, I’m sure you would never type your secrets into any piece of software that auto-updates, right? After all, you’re trusting someone else not to release a software update that leaks your secrets. And I’m sure you do a full audit of the Chrome source code every time a new version is released. And for your locally hosted password manager software too, right?
>I’m sure you would never type your secrets into any piece of software that auto-updates, right?
Never all of them, with notes, URLs and other stuff.... what has auto-update to do with it?
I don't save my passwords in a password cloud service.... is it really so hard to understand why it is a bad idea if you do that? Well, here you have it: why it's a bad idea.
Any software running on your PC can gain access to any online account on your PC. If you have auto-updates enabled, a malicious update could be pushed to your PC at any time to compromise you and tens of millions of other users, even with something as ubiquitous as uBlock Origin.
At some point you have to trust someone unless you wish to live off the grid, that's just an unfortunate reality.
So your argumentation is:
The attack surface is already big, let's make it even bigger... in this case out of pure laziness. Good point, really...
My argument is that a chain is only as strong as the weakest link in the chain.
After all, what's the alternative?
- Remembering all of your (strong, unique) passwords?
Impossible.
- Using a single password, or a system for deriving "unique" passwords to make them easy to memorize?
More insecure than a cloud-based password manager. People forget and get injured.
- Using an offline password manager such as KeePass?
Doable, but you trade one set of concerns for another. How many NPM packages have been compromised, stealing data from developer machines? How many people get knowingly, or unknowingly infected? Are you certain that the likelihood of your own machine getting compromised is lower than that of e.g. Bitwarden? Furthermore, if you use something like DropBox to sync your "offline" vault across devices, you're once again trusting someone else to keep the vault safe.
Your risk of a targeted attack might be lower with offline storage, but your risk of an automated attack is significantly increased, because most people don't know how to properly secure their $5 VPS or Raspberry Pi that they're using to self-host their password manager.
You claimed that using any cloud-based password manager is a bad idea, I disagree.
Password managers are not made equal, so it's important to do some research and pick one that undergoes extensive security audits, is preferably open source, and to use a strong passphrase to secure it.
A password manager that fits these criteria will produce a vault file that would take hundreds of years to crack, even if their servers get breached and all data is stolen. This was notably not the case with LastPass. It was neither properly implemented, nor (properly) audited, nor open source.
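The complaint earlier in the thread about website URLs sitting unencrypted in the vault, and the point just made that a properly built vault stays opaque even when the stored file is stolen, can be shown concretely. The following is an added Python example, not code from LastPass, Bitwarden, KeePass or any other product named in the thread. It builds a constructed two-entry vault both ways (per-field encryption that leaves URLs and usernames in the clear, versus encrypting the whole entry list as one blob) and lists what someone holding only the stored file can read without the passphrase. The sample entries, the passphrase, the scrypt parameters and the HMAC-SHA256 counter-mode cipher are all assumptions chosen so the demo runs on the standard library alone.

```python
import hashlib
import hmac
import json
import os

# Constructed sample entries (not real accounts or credentials).
ENTRIES = [
    {"url": "https://bank.example", "username": "alice", "password": "correct horse battery staple"},
    {"url": "https://mail.example", "username": "alice@example.org", "password": "a different long passphrase"},
]

# Assumed scrypt work factor for the demo; a real product would tune this much higher.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1


def derive_keys(passphrase, salt):
    """Derive separate encryption and MAC keys from the passphrase with scrypt."""
    km = hashlib.scrypt(passphrase.encode(), salt=salt, n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=64)
    return km[:32], km[32:]


def _keystream(enc_key, nonce, length):
    # HMAC-SHA256 used as a PRF in counter mode: a stdlib-only stream cipher for the demo.
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(keys, plaintext):
    """Encrypt-then-MAC; returns an opaque box that reveals only its length."""
    enc_key, mac_key = keys
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return {"nonce": nonce.hex(), "ct": ct.hex(), "tag": tag.hex()}


def open_box(keys, box):
    """Verify the tag first, then decrypt; a wrong passphrase fails here."""
    enc_key, mac_key = keys
    nonce, ct, tag = (bytes.fromhex(box[k]) for k in ("nonce", "ct", "tag"))
    if not hmac.compare_digest(hmac.new(mac_key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("wrong passphrase or tampered vault")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


def field_level_vault(passphrase, entries):
    """Only the password field is encrypted; URLs and usernames are stored as-is."""
    salt = os.urandom(16)
    keys = derive_keys(passphrase, salt)
    return {"salt": salt.hex(), "entries": [
        {"url": e["url"], "username": e["username"], "password": seal(keys, e["password"].encode())}
        for e in entries]}


def whole_vault(passphrase, entries):
    """The entire entry list is serialised and encrypted as one blob."""
    salt = os.urandom(16)
    keys = derive_keys(passphrase, salt)
    return {"salt": salt.hex(), "blob": seal(keys, json.dumps(entries).encode())}


def open_whole_vault(passphrase, vault):
    keys = derive_keys(passphrase, bytes.fromhex(vault["salt"]))
    return json.loads(open_box(keys, vault["blob"]))


def readable_without_passphrase(vault):
    """Walk the stored JSON and collect every string a thief of the file can read with no key.
    The salt is public by design and ciphertext boxes are opaque, so both are skipped."""
    leaked = []

    def walk(node, path):
        if isinstance(node, dict):
            if set(node) == {"nonce", "ct", "tag"}:
                return
            for k, v in node.items():
                walk(v, f"{path}.{k}" if path else k)
        elif isinstance(node, list):
            for i, v in enumerate(node):
                walk(v, f"{path}[{i}]")
        elif isinstance(node, str) and path != "salt":
            leaked.append(f"{path}={node}")

    walk(vault, "")
    return leaked


if __name__ == "__main__":
    for name, vault in (("field-level", field_level_vault("demo passphrase", ENTRIES)),
                        ("whole-vault", whole_vault("demo passphrase", ENTRIES))):
        print(f"{name}: readable without the passphrase -> {readable_without_passphrase(vault)}")
```

Run it and the field-level layout reports every URL and username as readable while the whole-vault layout reports nothing; the stolen file's only non-opaque content is the salt, which is meant to be public. The offline-cracking cost the post refers to then comes entirely from the passphrase strength and the KDF work factor, which is why both matter more than where the file is stored.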
>After all, what's the alternative?
Use KeePass and don't upload your passwords in cleartext to someone who just tells you they are encrypted.
Trusting someone else with your passwords is 99% the weakest link.
>Your risk of a targeted attack might be lower with offline storage,
We're not talking about targeted attacks, but about a breach of every user who uses the service. Are you from marketing? Because you really try to justify that uploading your passwords to a 3rd party with proprietary software is a good thing; are you absolutely out of your mind??
If you had told anyone in the year 2000 to upload all your passwords to a service, in clear-text, but who tells you it's absolutely safe and everything gets encrypted, you would have been laughed out of the room, and so you should be today.
>to self-host their password manager.
Gosh, are we really that far from common sense that we think we have to host a personal password manager??? It's an encrypted file, basta. It's like Unix never existed and now we need an Oracle database and PHP to "host" our 20 passwords... bravo. Hey, why not install GitHub Enterprise so we can use git?
My point about self-hosting password managers was aimed at a relatively common (but in my opinion, unwise) piece of advice for people to just host their own instances of vaultwarden[1], but it also applies to file-based storage such as KeePass.