this post was submitted on 01 May 2024
512 points (97.6% liked)
Technology
59587 readers
3292 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
With unique passwords, the attack surface just changes. Instead of attacking the passwords, attackers attack the password managers. LastPass, Okta, and Passwordstate each had breaches, and the first two are quite popular.
That doesn't mean Bitwarden is at risk (not sure if it has been targeted), it just means that attackers are finding success going after password managers, so they could go after Bitwarden. Maybe they'll sneak in an xz-style bug that'll allow attackers to steal credentials en-route, idk.
So it's a matter of good/better/best:
The overhead from using a separate 2FA app is pretty low, just make sure it encrypts your keys and you trust it (FOSS is a good indicator of trust).