Password Security Catch-All Thread

Thanks deJanzie!

*Legion* wrote:

Bitwarden self-hosted (with occasional JSON backup exports stored in a VeraCrypt vault) remains my approach.

Another year-plus later, this remains my go-to solution, and absolutely nothing has made me think twice.

Previously I was running the self-hosted instance on an Intel NUC running Ubuntu, but I built an Unraid server last year, and I migrated to using the managed Docker app version in Unraid. (Migrating was as simple as taking a fresh JSON backup from my running instance, bringing up the new instance, and then importing into the new one.)

Self-hosting isn't for everyone, but if you use a platform like Unraid, it's definitely easier than doing it manually.

Thanks Legion! Probably won't go that route but it's interesting.

If you are looking for a commercial one, I have been generally happy with 1Password.

I'm very happy with Bitwarden myself.

Auto-fill in some apps on Android can be a bit spotty in my experience, and sometimes it doesn't seem to pick up password changes on some sites. But those are minor and sporadic.

MrDeVil909 wrote:

I'm very happy with Bitwarden myself.

Auto-fill in some apps on Android can be a bit spotty in my experience, and sometimes it doesn't seem to pick up password changes on some sites. But those are minor and sporadic.

This is my experience as well. Generally good, but some weird quirks that might scare off someone that's not great at tech.

I didn't think Bitwarden had an auto-fill function as that was one thing I lamented missing when I switched from LastPass. Guess I'll keep it off now that I'm used to not having it.

If you go into Settings on Bitwarden, auto-fill is the first menu option (at least, in the Firefox extension, it is).

If you want to use auto-fill on Bitwarden, I would recommend enabling the feature, setting the default global behavior to NOT auto-fill, then you can selectively enable the auto-fill behavior for specific websites that you can trust to keep their login pages relatively secure (i.e., the odds someone can sneak an autofill-capturing iframe onto the Amazon login page are pretty damn low).

This is disheartening news, but par for the (wickedly difficult) security course. Sigh.

I use Bitwarden for personal accounts, and 1Password at work. I'm a bit more partial to Bitwarden but they both work pretty well.

So should I start using Passkeys?

Passkeys Are the New Passwords

Why is this better? I am reading the article now and I don't see it leaping out at me.

* another article saying how helpful and good they are

Google passkeys are a no-brainer. You’ve turned them on, right?

Arise thread!

A company I do work for is switching to Deel for payments. This is what they say about access to the personal and banking data they will be storing:

Deel has a personal data processing registry covering all personal data processing in the company. It also maintains a data breach registry and a data subject request registry. Deel dynamically and statically scans for security vulnerabilities, fixing inconsistencies as needed. No passwords, keys, or tokens are held in code. Access to Deel is granted via APIs, including Deel’s website. Each API is authenticated and authorized to ensure the calling user is authorized to make the API call. Only secure protocols (e.g., HTTPS) and network connections (such as VPN) are used to transfer personal data.

To me, it looks fine, but I am a moron who knows he doesn't know enough.