Say a friend is looking for a new system, and said person is not particularly savvy with technology, what system would you point them toward?
Say a friend is looking for a new system, and said person is not particularly savvy with technology, what system would you point them toward?
Honestly, I can’t understand how browsers are still allowed to store passwords in 2026. That functionality should have been torn out of them half a decade ago for the massive security flaw that it is.
That’s not about BitWarden or 1Password. That was about the password storage system integrated into Waterfox. And no, they are locally stored and relatively safe. I have used that system for 20+ years and I have never had any of my account data stolen.
And I do actually keep them separately and on paper. Laught about it if you want to, but it’s easy and most reliable. I’ve had pc’s die on me, so I’m happy to have it that way.
Why would you trust companies like BitWarden or 1Password? It’s the same as with EncroChat or similar services. Agencies start up a company that promises to protect your sensitive data. Then you give them your sensitive data. But they put a backdoor into their programs. So now they have all your sensitive data. I don’t know who is behind those companies so I don’t trust them. With Mozilla, that’s just an old habit and nothing of essence is in there.
I have a different way to do it, but I’m not going to disclose it here. Just saying that in the last 25 years, not a single one of my accounts got hacked by my fault. I had 1 Ubisoft account hacked, but that was because their servers got hacked and the password was stolen from there.
Because they are end-to-end encrypted, as evidenced by their account-recovery mechanisms: they cannot offer one.
Why? Because the encryption on your data files is based - in small part - on your master password. So if you cannot get back in with your master password, they can’t get in without it, either.
The only exception is corporate accounts, which are linked back to a master account made by your employer, which has rights to access anything in your specific account and who can expose company-wide accounts to you based on groups and rules.
Plus, BitWarden also has the capability to entirely self-host, keeping their public servers and domains entirely out of the loop. It’s just between you and the server you configure yourself.
LastPass had a mere security breach, and they suffered a 50+% market share drop between 2001 and 2024. An active backdoor would drive any company to 0% market share damn quick, which in business terms is called a fatal level of risk – a business killer for anyone in the security industry.
Bitwarden, in particular, has openly committed itself to fighting any attempt to legislate a back door into their product, and - like other companies like Signal - would rather exit an entire market than build a back door into their product.
Wow.
I’m not laughing… I feel sorry for you.
I put the mention of Excel and paper options in as a dare from colleagues. They didn’t think you would out yourself as such a security anti-intellectual.
For the record, not only can you script secure BitWarden exports to your storage enclave of choice, but you can even script exports to KeePass for offline access.
Granted, with an export to KeePass there are things like ToTP and secondary/tertiary URLs that won’t come along for the ride, as it’s not something that KeePass does, but most everything else will.
X-Doubt.
Ubisoft did not store their passwords in plaintext. Those passwords were all hashed appropriately.
If your password was successfully un-hashed and used, it was because either,
In all three cases, it’s user error on your part.
https://haveibeenpwned.com/
Check it out, it’s wild. Betchya more than just Ubisoft will pop up.