#passwordmanager — Public Fediverse posts

Should I be worried...? I got this email from proton this morning. #proton #passwordmanager #manager #Ai #security

Should I be worried...? I got this email from proton this morning. #proton #passwordmanager #manager #Ai #security

Should I be worried...? I got this email from proton this morning. #proton #passwordmanager #manager #Ai #security

Should I be worried...? I got this email from proton this morning. #proton #passwordmanager #manager #Ai #security

Should I be worried...? I got this email from proton this morning. #proton #passwordmanager #manager #Ai #security

🔑 lesspass/lesspass

:key: stateless open source password manager

Generates unique passwords on demand using a master password and site details, with no vault syncing or storage. Works via browser extensions, CLI, mobile apps or self-hosted server

⭐ Stars: 6024
📅 Last Update: May 25, 2026

https://github.com/lesspass/lesspass

#selfhosted #homelab #selfhost #selfhosting #opensource #passwordmanager #stateless

🔑 lesspass/lesspass

:key: stateless open source password manager

Generates unique passwords on demand using a master password and site details, with no vault syncing or storage. Works via browser extensions, CLI, mobile apps or self-hosted server

⭐ Stars: 6024
📅 Last Update: May 25, 2026

https://github.com/lesspass/lesspass

#selfhosted #homelab #selfhost #selfhosting #opensource #passwordmanager #stateless

#Business #Approaches
Self hosting passwords · “I haven’t used an online password manager in 5 years.“ https://ilo.im/16d6o1

_____
#Online #Offline #PasswordManager #Passwords #Synchronization #KeePass #Vaultwarden #SelfHosting

#Business #Approaches
Self hosting passwords · “I haven’t used an online password manager in 5 years.“ https://ilo.im/16d6o1

_____
#Online #Offline #PasswordManager #Passwords #Synchronization #KeePass #Vaultwarden #SelfHosting

#Business #Approaches
Self hosting passwords · “I haven’t used an online password manager in 5 years.“ https://ilo.im/16d6o1

_____
#Online #Offline #PasswordManager #Passwords #Synchronization #KeePass #Vaultwarden #SelfHosting

#Business #Approaches
Self hosting passwords · “I haven’t used an online password manager in 5 years.“ https://ilo.im/16d6o1

_____
#Online #Offline #PasswordManager #Passwords #Synchronization #KeePass #Vaultwarden #SelfHosting

@kkdk WELL DONE!

In #Android ( #AOSP ), when could we expect support for #PasswordManager (s)?
I love #vivaldi but the need to manage individual copy pastes is very cumbersome, and i would hope this is not such a heavy change?

I saw a quite old blog post about this, but with latest version, it's still not there.

Thank you!

https://vivaldi.com/blog/android-3-9-2299-3/

@kkdk WELL DONE!

In #Android ( #AOSP ), when could we expect support for #PasswordManager (s)?
I love #vivaldi but the need to manage individual copy pastes is very cumbersome, and i would hope this is not such a heavy change?

I saw a quite old blog post about this, but with latest version, it's still not there.

Thank you!

https://vivaldi.com/blog/android-3-9-2299-3/

@kkdk WELL DONE!

In #Android ( #AOSP ), when could we expect support for #PasswordManager (s)?
I love #vivaldi but the need to manage individual copy pastes is very cumbersome, and i would hope this is not such a heavy change?

I saw a quite old blog post about this, but with latest version, it's still not there.

Thank you!

https://vivaldi.com/blog/android-3-9-2299-3/

@kkdk WELL DONE!

In #Android ( #AOSP ), when could we expect support for #PasswordManager (s)?
I love #vivaldi but the need to manage individual copy pastes is very cumbersome, and i would hope this is not such a heavy change?

I saw a quite old blog post about this, but with latest version, it's still not there.

Thank you!

https://vivaldi.com/blog/android-3-9-2299-3/

@kkdk WELL DONE!

In #Android ( #AOSP ), when could we expect support for #PasswordManager (s)?
I love #vivaldi but the need to manage individual copy pastes is very cumbersome, and i would hope this is not such a heavy change?

I saw a quite old blog post about this, but with latest version, it's still not there.

Thank you!

https://vivaldi.com/blog/android-3-9-2299-3/

After some spontaneous hacking on BitRitters edit mode, i made some good progress: First time i could change values and save them to the database/server.
It really means alot to le because after 2 failed applications for funding i ditched the topic for too long.
It might need a major rework of the UI internals though, but now i am motivated again.

#BitRitter #VaultWarden #BitWarden #PasswordManager #LinuxPhone #LinuxMobile #Relm4

After some spontaneous hacking on BitRitters edit mode, i made some good progress: First time i could change values and save them to the database/server.
It really means alot to le because after 2 failed applications for funding i ditched the topic for too long.
It might need a major rework of the UI internals though, but now i am motivated again.

#BitRitter #VaultWarden #BitWarden #PasswordManager #LinuxPhone #LinuxMobile #Relm4

Get your #passwords out of #BitWarden while you still can
https://www.osnews.com/story/145029/get-your-passwords-out-of-bitwarden-while-you-still-can/

Putting your passwords in any (non-self hosted) #cloud was a bad idea in the first place: https://karl-voit.at/cloud/

#enshittification #passwordmanager #publicvoit #20161112_Cloud

Bitwarden replaced its CEO and CFO without announcements, raising scrutiny around governance at a widely used open-source password manager. 🔐
Bitwarden briefly removed “Always Free” and rewrote GRIT values, fueling concerns over transparency and long-term user control. 👀

🔗 https://itsfoss.com/news/bitwarden-quiet-changes/

#TechNews #Bitwarden #OpenSource #PasswordManager #Privacy #FOSS #Cybersecurity #Security #Encryption #Transparency #SelfHosting #Linux #DataProtection #Infosec #DigitalRights #Password

Bitwarden replaced its CEO and CFO without announcements, raising scrutiny around governance at a widely used open-source password manager. 🔐
Bitwarden briefly removed “Always Free” and rewrote GRIT values, fueling concerns over transparency and long-term user control. 👀

🔗 https://itsfoss.com/news/bitwarden-quiet-changes/

#TechNews #Bitwarden #OpenSource #PasswordManager #Privacy #FOSS #Cybersecurity #Security #Encryption #Transparency #SelfHosting #Linux #DataProtection #Infosec #DigitalRights #Password

Bitwarden replaced its CEO and CFO without announcements, raising scrutiny around governance at a widely used open-source password manager. 🔐
Bitwarden briefly removed “Always Free” and rewrote GRIT values, fueling concerns over transparency and long-term user control. 👀

🔗 https://itsfoss.com/news/bitwarden-quiet-changes/

#TechNews #Bitwarden #OpenSource #PasswordManager #Privacy #FOSS #Cybersecurity #Security #Encryption #Transparency #SelfHosting #Linux #DataProtection #Infosec #DigitalRights #Password

Bitwarden replaced its CEO and CFO without announcements, raising scrutiny around governance at a widely used open-source password manager. 🔐
Bitwarden briefly removed “Always Free” and rewrote GRIT values, fueling concerns over transparency and long-term user control. 👀

🔗 https://itsfoss.com/news/bitwarden-quiet-changes/

#TechNews #Bitwarden #OpenSource #PasswordManager #Privacy #FOSS #Cybersecurity #Security #Encryption #Transparency #SelfHosting #Linux #DataProtection #Infosec #DigitalRights #Password

Bitwarden replaced its CEO and CFO without announcements, raising scrutiny around governance at a widely used open-source password manager. 🔐
Bitwarden briefly removed “Always Free” and rewrote GRIT values, fueling concerns over transparency and long-term user control. 👀

🔗 https://itsfoss.com/news/bitwarden-quiet-changes/

#TechNews #Bitwarden #OpenSource #PasswordManager #Privacy #FOSS #Cybersecurity #Security #Encryption #Transparency #SelfHosting #Linux #DataProtection #Infosec #DigitalRights #Password

@oscloud asi blbý dotaz. S ohledem na objevující se informace o vývoji v #Bitwarden, začínám hledat info jestli/jak řešit #passwordmanager .
Momentálně používám BW s vlastní registrací, nikoliv na #nexcloud , kam přistupuji pres #oscloud .
Mám si "svůj" BW převést/zmigrovat do toho v #Nextcloud , nebo přejít na jinou aplikaci/poskytovatele (nějaké konkrétní doporučení)?
Řešíte (zajímáte se o) to nějak jako #oscloud , nebo soukromě? Děkuji

@sesivany https://social.vivaldi.net/@sesivany/116606134758668559

Things Are Quietly Changing at #Bitwarden, and People Are Worried
The #passwordmanager swapped its CEO, rewrote its core values, and briefly pulled "Always Free" from its pricing page.
It's been known as being free, #opensource, and trustworthy, it has gained a reputation by offering a free tier, keeping the code open, and not pulling the rug.
So when things start looking a little off, people pay attention. And over past few months, a few things have looked a little off.
https://itsfoss.com/news/bitwarden-quiet-changes/

#Bitwarden scrubs ‘Always free’ and ‘Inclusion’ values from its website as longtime execs step down
What is going on with the beloved #opensource #passwordmanager?
The company has long defined its values with the acronym "GRIT," which used to stand for "Gratitude, Responsibility, Inclusion, and Transparency." After May 4, it changed the acronym to stand for "Gratitude, Responsibility, Innovation, and Trust."
https://www.fastcompany.com/91542655/bitwarden-scrubs-always-free-and-inclusion-values-from-its-website-as-longtime-execs-step-down
https://archive.ph/ApRXj

Soooo Password Manager tool Bitwarden is enshitifying this week; with potential flow on implications for Vaultwarden (dont stress today, but be ready to stress later).

https://blog.ppb1701.com/the-quiet-renovation-at-bitwarden

Makes for an awkard moment for us at the Digital Justice Society.

We've recently downgraded our rating of Proton Pass, as month on month we we were finding they had become increasingly spammy in their sign up flows.

Now our "Best" options for free non-big-tech Password Managers.. are both Enshitifying.

Bitwarden, ProtonPass; the principal would like to see both of you after class today.

#BitWarden #ProtonPass #1Password #PasswordManager #DigitalSecurity #Passwords #PasswordSecurity #DigitalJustice

Soooo Password Manager tool Bitwarden is enshitifying this week; with potential flow on implications for Vaultwarden (dont stress today, but be ready to stress later).

https://blog.ppb1701.com/the-quiet-renovation-at-bitwarden

Makes for an awkard moment for us at the Digital Justice Society.

We've recently downgraded our rating of Proton Pass, as month on month we we were finding they had become increasingly spammy in their sign up flows.

Now our "Best" options for free non-big-tech Password Managers.. are both Enshitifying.

Bitwarden, ProtonPass; the principal would like to see both of you after class today.

#BitWarden #ProtonPass #1Password #PasswordManager #DigitalSecurity #Passwords #PasswordSecurity #DigitalJustice

Soooo Password Manager tool Bitwarden is enshitifying this week; with potential flow on implications for Vaultwarden (dont stress today, but be ready to stress later).

https://blog.ppb1701.com/the-quiet-renovation-at-bitwarden

Makes for an awkard moment for us at the Digital Justice Society.

We've recently downgraded our rating of Proton Pass, as month on month we we were finding they had become increasingly spammy in their sign up flows.

Now our "Best" options for free non-big-tech Password Managers.. are both Enshitifying.

Bitwarden, ProtonPass; the principal would like to see both of you after class today.

#BitWarden #ProtonPass #1Password #PasswordManager #DigitalSecurity #Passwords #PasswordSecurity #DigitalJustice

Well, tried it and I like it! Has everything that I need.

- Works on all platforms
- #iOS app and #Safari extension
- Mobile app for login (still no TouchID on macs)
- Import from BW went with zero issues (items, passkeys, folders, 2FA...)

If I had to say something "negative" it would be the font and colour pallet but apart from that, all good so far. Very good version @aliasvault

#Bitwarden #AliasVault #selfhosted #selfhosting #homelab #passwordmanager #passwords #security #docker #synology

Well, tried it and I like it! Has everything that I need.

- Works on all platforms
- #iOS app and #Safari extension
- Mobile app for login (still no TouchID on macs)
- Import from BW went with zero issues (items, passkeys, folders, 2FA...)

If I had to say something "negative" it would be the font and colour pallet but apart from that, all good so far. Very good version @aliasvault

#Bitwarden #AliasVault #selfhosted #selfhosting #homelab #passwordmanager #passwords #security #docker #synology

Well, tried it and I like it! Has everything that I need.

- Works on all platforms
- #iOS app and #Safari extension
- Mobile app for login (still no TouchID on macs)
- Import from BW went with zero issues (items, passkeys, folders, 2FA...)

If I had to say something "negative" it would be the font and colour pallet but apart from that, all good so far. Very good version @aliasvault

#Bitwarden #AliasVault #selfhosted #selfhosting #homelab #passwordmanager #passwords #security #docker #synology

Well, tried it and I like it! Has everything that I need.

- Works on all platforms
- #iOS app and #Safari extension
- Mobile app for login (still no TouchID on macs)
- Import from BW went with zero issues (items, passkeys, folders, 2FA...)

If I had to say something "negative" it would be the font and colour pallet but apart from that, all good so far. Very good version @aliasvault

#Bitwarden #AliasVault #selfhosted #selfhosting #homelab #passwordmanager #passwords #security #docker #synology

Well, tried it and I like it! Has everything that I need.

- Works on all platforms
- #iOS app and #Safari extension
- Mobile app for login (still no TouchID on macs)
- Import from BW went with zero issues (items, passkeys, folders, 2FA...)

If I had to say something "negative" it would be the font and colour pallet but apart from that, all good so far. Very good version @aliasvault

#Bitwarden #AliasVault #selfhosted #selfhosting #homelab #passwordmanager #passwords #security #docker #synology

Doch die richtige Entscheidung gewesen, zu #keepass zu wechseln.

"Kurz nach der Preisänderung wurden auch die Unternehmenswerte Inklusion und Transparenz von der Seite gestrichen."

#bitwarden #password #passwordmanager

https://www.golem.de/news/passwortmanager-bitwarden-wechselt-fuehrungskraefte-und-passt-preise-an-2605-208780.html

While I do love and use #Bitwarden, I’m always on the lookout for alternatives. In case VW will have issues with BW official apps and/or extension, #AliasVault might be my next #selfhosted password manager

#selfhosting #homelab #passwordmanager #passwords #security #docker #synology
https://www.aliasvault.net/

While I do love and use #Bitwarden, I’m always on the lookout for alternatives. In case VW will have issues with BW official apps and/or extension, #AliasVault might be my next #selfhosted password manager

#selfhosting #homelab #passwordmanager #passwords #security #docker #synology
https://www.aliasvault.net/

While I do love and use #Bitwarden, I’m always on the lookout for alternatives. In case VW will have issues with BW official apps and/or extension, #AliasVault might be my next #selfhosted password manager

#selfhosting #homelab #passwordmanager #passwords #security #docker #synology
https://www.aliasvault.net/

While I do love and use #Bitwarden, I’m always on the lookout for alternatives. In case VW will have issues with BW official apps and/or extension, #AliasVault might be my next #selfhosted password manager

#selfhosting #homelab #passwordmanager #passwords #security #docker #synology
https://www.aliasvault.net/

While I do love and use #Bitwarden, I’m always on the lookout for alternatives. In case VW will have issues with BW official apps and/or extension, #AliasVault might be my next #selfhosted password manager

#selfhosting #homelab #passwordmanager #passwords #security #docker #synology
https://www.aliasvault.net/

@emilion in https://infosec.exchange/@emilion/116595960854703567: you misunderstand me. My point is that Scott's article is yet another one in long row that reads like an advertisement.

I am not insisting that FIDO or whatever organisation fixes things (regardless whether that is something they can do or not): I am asking for USEFUL information for users to evaluate advantages and their risks.

A similar example: #TOTP was (and still is) being heavily promoted because people use (and reuse) extremely weak passwords. TOTP does *NOT* fix that problem (apart from the shit that we got, e.g. today's https://www.heise.de/en/news/Microsoft-Authenticator-Critical-vulnerability-allows-token-theft-11296758.html).

Effectively people are told to use a password manager (the TOTP app) to fix ANOTHER problem, and nobody tells them to make backups of shared secrets (leading to account lockout).#Phishing is likely the biggest problem on the Internet, while TOTP does not fix that (and no, #Evilginx is no longer considered a "sophisticated" attack, from 2019: https://techcommunity.microsoft.com/blog/microsoft-entra-blog/all-your-creds-are-belong-to-us/855124).

People who lose trust in security-pro's who state "just use this tech, it's great" are right. We need to do a better job.

@ScottHelme

#Passkeys #PasskeyRisks #Passwords #PasswordRisks #PasswordManager #AuthenicatorApps #MicrosoftAuthenticator

@emilion in https://infosec.exchange/@emilion/116595960854703567: you misunderstand me. My point is that Scott's article is yet another one in long row that reads like an advertisement.

I am not insisting that FIDO or whatever organisation fixes things (regardless whether that is something they can do or not): I am asking for USEFUL information for users to evaluate advantages and their risks.

A similar example: #TOTP was (and still is) being heavily promoted because people use (and reuse) extremely weak passwords. TOTP does *NOT* fix that problem (apart from the shit that we got, e.g. today's https://www.heise.de/en/news/Microsoft-Authenticator-Critical-vulnerability-allows-token-theft-11296758.html).

Effectively people are told to use a password manager (the TOTP app) to fix ANOTHER problem, and nobody tells them to make backups of shared secrets (leading to account lockout).#Phishing is likely the biggest problem on the Internet, while TOTP does not fix that (and no, #Evilginx is no longer considered a "sophisticated" attack, from 2019: https://techcommunity.microsoft.com/blog/microsoft-entra-blog/all-your-creds-are-belong-to-us/855124).

People who lose trust in security-pro's who state "just use this tech, it's great" are right. We need to do a better job.

@ScottHelme

#Passkeys #PasskeyRisks #Passwords #PasswordRisks #PasswordManager #AuthenicatorApps #MicrosoftAuthenticator

@emilion in https://infosec.exchange/@emilion/116595960854703567: you misunderstand me. My point is that Scott's article is yet another one in long row that reads like an advertisement.

I am not insisting that FIDO or whatever organisation fixes things (regardless whether that is something they can do or not): I am asking for USEFUL information for users to evaluate advantages and their risks.

A similar example: #TOTP was (and still is) being heavily promoted because people use (and reuse) extremely weak passwords. TOTP does *NOT* fix that problem (apart from the shit that we got, e.g. today's https://www.heise.de/en/news/Microsoft-Authenticator-Critical-vulnerability-allows-token-theft-11296758.html).

Effectively people are told to use a password manager (the TOTP app) to fix ANOTHER problem, and nobody tells them to make backups of shared secrets (leading to account lockout).#Phishing is likely the biggest problem on the Internet, while TOTP does not fix that (and no, #Evilginx is no longer considered a "sophisticated" attack, from 2019: https://techcommunity.microsoft.com/blog/microsoft-entra-blog/all-your-creds-are-belong-to-us/855124).

People who lose trust in security-pro's who state "just use this tech, it's great" are right. We need to do a better job.

@ScottHelme

#Passkeys #PasskeyRisks #Passwords #PasswordRisks #PasswordManager #AuthenicatorApps #MicrosoftAuthenticator

@emilion in https://infosec.exchange/@emilion/116595960854703567: you misunderstand me. My point is that Scott's article is yet another one in long row that reads like an advertisement.

I am not insisting that FIDO or whatever organisation fixes things (regardless whether that is something they can do or not): I am asking for USEFUL information for users to evaluate advantages and their risks.

A similar example: #TOTP was (and still is) being heavily promoted because people use (and reuse) extremely weak passwords. TOTP does *NOT* fix that problem (apart from the shit that we got, e.g. today's https://www.heise.de/en/news/Microsoft-Authenticator-Critical-vulnerability-allows-token-theft-11296758.html).

Effectively people are told to use a password manager (the TOTP app) to fix ANOTHER problem, and nobody tells them to make backups of shared secrets (leading to account lockout).#Phishing is likely the biggest problem on the Internet, while TOTP does not fix that (and no, #Evilginx is no longer considered a "sophisticated" attack, from 2019: https://techcommunity.microsoft.com/blog/microsoft-entra-blog/all-your-creds-are-belong-to-us/855124).

People who lose trust in security-pro's who state "just use this tech, it's great" are right. We need to do a better job.

@ScottHelme

#Passkeys #PasskeyRisks #Passwords #PasswordRisks #PasswordManager #AuthenicatorApps #MicrosoftAuthenticator

@ScottHelme "This is mostly a list of things passkeys were never claimed to solve":

1. You skipped the "private key never leaves the device" lie. Note that this vuln: https://seclists.org/fulldisclosure/2024/Feb/15 is unfixed (see https://todon.nl/@ErikvanStraten/116552104781266939).

The alternative, having access to YOUR OWN private keys does not make #BigTech lock-in vendors (i.e. Google, Apple) happy: https://github.com/keepassxreboot/keepassxc/issues/10407.

Btw, also unfixed: iOS/iPadOS passkeys may be used without local auth under certain conditions: https://todon.nl/@ErikvanStraten/115658045799601168 (@timcappalli ).

2. Nobody cares what is considered out of scope for ANY auth. solution, in particular if it they're not told about it. People want to know their risks w.r.t. account takeover and account lockout. We need a safer internet.

3. "Passkeys are not magic": I don't see "what risks remain" in https://scotthelme.co.uk/passkeys-101-an-introduction-to-passkeys-and-how-they-work/ - which is why I objected.

4. Passkeys "are a major improvement over passwords": that depends. If people use a password manager to create unique long random passwords (which they should), and use AutoFill, then the advantages and risks (attestation?) of using passkeys vs passwords are not clear and neither easily comparable.

#Passkeys #AndroidPasskeysGone #ApplePasskeyRisks #Passkey #PasswordManager #AutoFill #Autonomy #BigTechIsEvil #MYprivateKeys #DumbPasswordRules

@ScottHelme "This is mostly a list of things passkeys were never claimed to solve":

1. You skipped the "private key never leaves the device" lie. Note that this vuln: https://seclists.org/fulldisclosure/2024/Feb/15 is unfixed (see https://todon.nl/@ErikvanStraten/116552104781266939).

The alternative, having access to YOUR OWN private keys does not make #BigTech lock-in vendors (i.e. Google, Apple) happy: https://github.com/keepassxreboot/keepassxc/issues/10407.

Btw, also unfixed: iOS/iPadOS passkeys may be used without local auth under certain conditions: https://todon.nl/@ErikvanStraten/115658045799601168 (@timcappalli ).

2. Nobody cares what is considered out of scope for ANY auth. solution, in particular if it they're not told about it. People want to know their risks w.r.t. account takeover and account lockout. We need a safer internet.

3. "Passkeys are not magic": I don't see "what risks remain" in https://scotthelme.co.uk/passkeys-101-an-introduction-to-passkeys-and-how-they-work/ - which is why I objected.

4. Passkeys "are a major improvement over passwords": that depends. If people use a password manager to create unique long random passwords (which they should), and use AutoFill, then the advantages and risks (attestation?) of using passkeys vs passwords are not clear and neither easily comparable.

#Passkeys #AndroidPasskeysGone #ApplePasskeyRisks #Passkey #PasswordManager #AutoFill #Autonomy #BigTechIsEvil #MYprivateKeys #DumbPasswordRules

@ScottHelme "This is mostly a list of things passkeys were never claimed to solve":

1. You skipped the "private key never leaves the device" lie. Note that this vuln: https://seclists.org/fulldisclosure/2024/Feb/15 is unfixed (see https://todon.nl/@ErikvanStraten/116552104781266939).

The alternative, having access to YOUR OWN private keys does not make #BigTech lock-in vendors (i.e. Google, Apple) happy: https://github.com/keepassxreboot/keepassxc/issues/10407.

Btw, also unfixed: iOS/iPadOS passkeys may be used without local auth under certain conditions: https://todon.nl/@ErikvanStraten/115658045799601168 (@timcappalli ).

2. Nobody cares what is considered out of scope for ANY auth. solution, in particular if it they're not told about it. People want to know their risks w.r.t. account takeover and account lockout. We need a safer internet.

3. "Passkeys are not magic": I don't see "what risks remain" in https://scotthelme.co.uk/passkeys-101-an-introduction-to-passkeys-and-how-they-work/ - which is why I objected.

4. Passkeys "are a major improvement over passwords": that depends. If people use a password manager to create unique long random passwords (which they should), and use AutoFill, then the advantages and risks (attestation?) of using passkeys vs passwords are not clear and neither easily comparable.

#Passkeys #AndroidPasskeysGone #ApplePasskeyRisks #Passkey #PasswordManager #AutoFill #Autonomy #BigTechIsEvil #MYprivateKeys #DumbPasswordRules

@ScottHelme "This is mostly a list of things passkeys were never claimed to solve":

1. You skipped the "private key never leaves the device" lie. Note that this vuln: https://seclists.org/fulldisclosure/2024/Feb/15 is unfixed (see https://todon.nl/@ErikvanStraten/116552104781266939).

The alternative, having access to YOUR OWN private keys does not make #BigTech lock-in vendors (i.e. Google, Apple) happy: https://github.com/keepassxreboot/keepassxc/issues/10407.

Btw, also unfixed: iOS/iPadOS passkeys may be used without local auth under certain conditions: https://todon.nl/@ErikvanStraten/115658045799601168 (@timcappalli ).

2. Nobody cares what is considered out of scope for ANY auth. solution, in particular if it they're not told about it. People want to know their risks w.r.t. account takeover and account lockout. We need a safer internet.

3. "Passkeys are not magic": I don't see "what risks remain" in https://scotthelme.co.uk/passkeys-101-an-introduction-to-passkeys-and-how-they-work/ - which is why I objected.

4. Passkeys "are a major improvement over passwords": that depends. If people use a password manager to create unique long random passwords (which they should), and use AutoFill, then the advantages and risks (attestation?) of using passkeys vs passwords are not clear and neither easily comparable.

#Passkeys #AndroidPasskeysGone #ApplePasskeyRisks #Passkey #PasswordManager #AutoFill #Autonomy #BigTechIsEvil #MYprivateKeys #DumbPasswordRules

🔑 Heads up, #Bitwarden has seen some quiet and curious website and company changes: https://www.fastcompany.com/91542655/bitwarden-scrubs-always-free-and-inclusion-values-from-its-website-as-longtime-execs-step-down

Let's keep an eye on these developments. 👀

#Vaultwarden #Passwords #Password #PasswordManager #FOSS #Security