I believe LP and Bitwarden have both done the vault part right, and I have no delusions KeePass' vault code is any better, so I don't consider one better than the others in that regard. If done right, the fact your vault may be in the cloud shouldn't be inherently riskier than an offline vault kept on a USB stick. I believe Steve was impressed with the code behind LP's vault when he got a chance to privately review it, but the security of your master password can be a different matter. If you used a good master password, or if you changed it after notice of a breach, you were okay. The issues were with the stewardship of your master password, stored in LP's cloud, not with the "blob" that is your vault. If you mean LastPass, I don't believe the "issues" were ever related to the security of your password vault.
0 kommentar(er)
