davidvur.blogg.se - Is lastpass safe reddit

But now, I have to worry about a VM or containers and where to host it, security updates, etc.

LastPass has had rock-solid availability for years and while their Android app has sucked a bit, it's always been functional and the service online. Really, this should have been the only model, but I didn't want to and I don't want to now. Vent: Like many, it's time to move to Bitwarden via self-hosted.Even if I were to reach out and say "change your API key", there are some customers I wouldn't even know how to, short of emailing I know I know, this is on them since they should be rotating anyway, but we all know how that goes.

The tricky part of this is that some keys are for former customers with many PoCs that have themselves left.

Vent: I have customer API keys in my secure notes, and while luckily not many and most are easily changeable, the fact is they're there.

Many of them are probably dead and gone, but still, it's not like I can just follow "We recommend you change your passwords!" type of guidance so easily.

Vent: I have 1000s of passwords in there.

I need the flexibility of it being on PC, Mac, Android, and others, so KeePass is out of the question. My trust in any hosted provider is now generally broken, but I still want the convenience.

Is anyone realistically looking at other providers (bitwarden hosted, dashlane, 1password, etc.?).

If the data is truly offline and in the hands of the adversary, MFA is no longer in play, correct? There's nothing online to authenticate against, so unless the MFA process salted the password somehow, I can't see how MFA protects anymore.

The length is obviously strong and is a nonsensical sentence, but in the end, the words are dictionary. I have a 30-character master password in the "correct horse battery staple" XKCD style, so more of a passphrase. Cannot live without it and gladly pay the renewal for premium every year.

I'm an avid LastPass user have been for years. I also just need to vent on a few of these. I have questions about the LastPass breach that extend past my area of expertise. Throwaway account for obvious reasons, but I'm a common lurker and contributor to r/sysadmin.