"And if you don’t want to store anything on Bitwarden servers (cloud), you can host your own Bitwarden instance.""Bitwarden stores credentials securely in the cloud"
Heck of a misnomer. A lot of people, including businesses, are getting duped by this one. "cloud" and "secure" in the same sentence. LOL... Put your passwords on the internet so every hacker in the world has a chance at it. /facepalm
I'm still waiting for a password manager company to get hacked. What then?
LastPass has been hacked, had outages, and other major issues pop up at least a half dozen times over the last ten years, including very recently, but I'm sure LP is not the only one and others have also been hacked and/or had major issues, I'm just not aware of them or forgot because it did not affect me. I would think a quick search would turn up more instances.I'm still waiting for a password manager company to get hacked. What then?
Passwords usually aren't stored in plaintext. For example, even if you choose not to use the sync passphrase feature on Chrome (not using the sync passphrase is the default setting for Chrome), your passwords are encrypted before they are stored in your synced devices or Google servers.Most web browsers offer to store your passwords for you. This might seem like an ideal way to keep track of your passwords – but it’s actually a bad idea. Here are some reasons why:
The password security on browsers isn’t that great – even if you are using a secure browser. Usually, these passwords are stored in plaintext. There are also tools available online that can give hackers access to your computer (either physically or remote access schemes) and view/steal passwords stored in the browser.
Last time I checked, Chrome, Firefox and Safari w/Keychain all have built-in password generator, and most of them will tell you how strong your passwords are, and how many times you've used the same password. It's true that you'll have somewhat limited features with your browsers. For example, if you use the sync passphrase on Chrome, you only have a password generator and lose the ability to check password reuses (or weak passwords) since you cannot access to the Google's password manager (passwords.google.com) which provides you those features.Your browser will only record the username and password you enter into a web page. It won’t help you generate a password, or tell you if the password is strong, or remind you that you already used this same password on 10 other pages.
A quick search reveals LastPass has had breaches, hacks, outages, lockouts, etc occur at some point in 2011, 2014, 2015, 2016, 2017, 2018, 2019, and a major outage Jan 20, 2020 as well as the Chrome Browser extension not working just a couple of days ago. To be fair they are the not the only ones, but I found more for LP than any other PM by far. Also LP claimed no data was compromised in most cases, but they recommended users to change their passwords "just to be sure". They also denied an outage just last week until it was widely reported on the web by so many users. I did not read the details of each occurrence but the articles still exist online. I had a paid LP account until 2015 when my master password no longer worked and I lost all of my data. Their customer support is almost nonexistent, unfriendly, and unhelpful. I now use BitWarden for my family and could not be happier. YMMVDid LastPass get hacked?
It's not like that. You gain some with a password manager while you lose some, and the convenience is not the only thing you gain. You gain some in respect of SECURITY, even though you still lose some in repsect of SECURITY. Usually, you gain more security than you lose with a password manager, and that's the reason why many people recommend a password manager.in this case, IMO, convenience == enhanced, unnecessary risk. As stated earlier, ANY breach in the convenience and all your accounts are instantly at risk.
I've choosen to protect my assets, but you can assess your risk (as it should be) for yourself. Notice --- IMO is all over the subject.
Very verbose but not convincing. As stated at the beginning (and incontrovertible imo) once the password manager is breached, all your accounts are at risk and it has happened. I'll go quietly on my own, thank you.You gain some with a password manager while you lose some, and the convenience is not the only thing you gain. You gain some in respect of SECURITY, even though you still lose some in repsect of SECURITY. Usually, you gain more security than you lose with a password manager, and that's the reason why many people recommend a password manager.