#passwordmanagers — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #passwordmanagers, aggregated by home.social.
-
Yay, the transition from BitWarden/VaultWarden to 1Password is complete. I'll still need to learn the keyboard shortcuts, especially for when I'm not in a web browser, but figuring things out in the interface and setting up TOTP 2FA/passkeys for things using 1Password turned out to be a cinch. At least I was able to import things straight from BitWarden right into 1Password. The only things that didn't carry over were custom fields and passkeys from BitWarden, but it's all straightened out now. #A11Y #Accessibility #Blind #PasswordManagers #Windows #iOS #1Password
-
If you use #BitWarden I ask you to contact them to remove their current CEO. I’m refusing to pay them until they remove him.
They have quietly replaced their old CEO in favour of one known to cut and gut companies in order to make them more profitable.
-
REMUS Infostealer Targets Session Theft, Password Managers
Meet REMUS Infostealer, a rapidly evolving threat that's been making waves in the underground scene since February 2026, with its operators boasting a staggering 90% callback rate thanks to top-notch crypting and a dedicated server. This infostealer has quickly become a commercialized and professionalized menace, with a flurry of updates,…
#Infostealer #Remus #SessionTheft #PasswordManagers #MalwareOperations
-
Weekend Reads
* Rolling the DNS root key
https://www.potaroo.net/ispcol/2026-05/kskroll.html
* Measuring Internet censorship
https://ooni.org/post/2026-measuring-internet-censorship-trends-challenges-impact/
* How an HTTP header caused time.gov skew
https://alexsci.com/blog/how-time-gov-works/
* Password manager infrastructure in-the-wild
https://censys.com/blog/password-manager-infrastructure/
* Investigating NRS outreach to AFRINIC members
https://circleid.com/posts/registry-under-siege-investigating-nrs-outreach-to-afrinic-members
-
Schneier on Security
On the Security of Password Managers
https://www.schneier.com/blog/archives/2026/02/on-the-security-of-password-managers.html
-
MakeUseOf: 3 free password managers that are actually better than the paid ones. “Turns out, not all free apps are stripped-down tools that only try to get you to subscribe to higher tiers. The following three free password managers are actually great to use, and offer solid features, transparency, and trust.”
https://rbfirehose.com/2026/03/05/makeuseof-3-free-password-managers-that-are-actually-better-than-the-paid-ones/
-
Password Managers Expose Hidden Vulnerabilities in Latest Study
📰 Original title: Password Managers Share a Hidden Weakness
🤖 AI: It's not clickbait ✅
👥 Users: It's not clickbait ✅
View full AI summary: https://killbait.com/en/password-managers-expose-hidden-vulnerabilities-in-latest-study/?redirpost=0b8442c4-bbaf-4f8e-ab9d-85cc621a0c11
#technology #passwordmanagers #cybersecurity #vulnerabilities
-
Password Managers Expose Hidden Vulnerabilities in Latest Study
📰 Original title: Password Managers Share a Hidden Weakness
🤖 AI: It's not clickbait ✅
👥 Users: It's not clickbait ✅
View full AI summary: https://killbait.com/posts/post/0b8442c4-bbaf-4f8e-ab9d-85cc621a0c11
#technology #passwordmanagers #cybersecurity #vulnerabilities
-
#Passwordmanagers’ promise that they can’t see your vaults isn’t always true
Contrary to what password managers say, a server compromise can mean game over.
The team executed 27 successful attacks against industry leaders #Bitwarden, #LastPass, and #Dashlane (12 against Bitwarden, 7 against LastPass, and 6 against Dashlane), proving that if a server is compromised by a sophisticated actor, your vault can be unlocked with surprising ease.
https://arstechnica.com/security/2026/02/password-managers-promise-that-they-cant-see-your-vaults-isnt-always-true/
May just be fear-mongering or FUD
-
I've been running Bitwarden with a self-hosted Vaultwarden instance for a few weeks now, and it certainly looks like it can replace 1Password for me.
Although it doesn't have "AI-powered item naming"... #worldssmallestviolin
-
Wow, #1Password are increasing their prices by 20% 😱
Good thing I was already checking out alternatives, because I don’t care about any of the things that they say are causing the price increase (“AI-powered item naming”, really?).
-
I never liked the idea of using cloud-based password managers. There are news stories all the time about some type of data breach. Each additional person having their passwords on a server makes the payout incrementally more attractive, more valuable.
https://arstechnica.com/security/2026/02/password-managers-promise-that-they-cant-see-your-vaults-isnt-always-true/ #Security #PasswordManagers #Tech
-
Password managers less secure than promised
#HackerNews #PasswordManagers #SecurityConcerns #CyberSecurity #DataPrivacy #TechNews
-
And this puts me one step closer to migrating my cloud vault in-house...
Password managers' promise that they can't see your vaults isn't always true
#PasswordManagers #ZeroKnowledge #Security #Privacy #Vulnerabilities #Tech
-
https://winbuzzer.com/2026/02/19/microsoft-edge-145-password-manager-security-fixes-xcxwbn/
Edge 145 Rolls Out with Password Upgrades and Security Patches
#Edge145 #MicrosoftEdge #Microsoft #WebBrowsers #PasswordManagers #SecurityVulnerabilities #BrowserExtensions #PDF #ReadAloud #Chromium
-
this concludes my reading of https://eprint.iacr.org/2026/058
what a paper. warmly recommended to read.
#crypto #passwordmanagers #bitwarden #lastpass #dashlane
14/n
-
Ars Technica: Password managers’ promise that they can’t see your vaults isn’t always true. “The researchers reverse-engineered or closely analyzed Bitwarden, Dashlane, and LastPass and identified ways that someone with control over the server—either administrative or the result of a compromise—can, in fact, steal data and, in some cases, entire vaults. The researchers also devised […]
https://rbfirehose.com/2026/02/18/ars-technica-password-managers-promise-that-they-cant-see-your-vaults-isnt-always-true/
-
Security issues found with multiple online password managers.
https://cyberinsider.com/popular-password-managers-fall-short-of-zero-knowledge-claims/
Bitwarden says they have fixed their issues:
https://bitwarden.com/blog/security-through-transparency-eth-zurich-audits-bitwarden-cryptography/
#Bitwarden #LastPass #Dashlane #PasswordManager #PasswordManagers #Infosec #Security #Passwords
Ping @karlemilnikka
-
Exactly what I came here to say @joernsmock. Long strings of random characters are no harder for computers to guess than equally long strings made up of dictionary words. Especially obscure or non-English words.
Claiming they are is a sales pitch for password manager vendors, not a security fact. Current passphrase advice reflects that XKCD comic, and suggests passphrases be long, memorable, and changed as infrequently as possible.
-
My solution for syncing keepass between Linux and iPhone (works with KeePassDX on Android too) using Nextcloud:
My Linux computer is running Incus, and one container is my Nextcloud server.
I have created a folder ~/nextcloud where my keepass.kdbx is located.
KeePassXC is using this file directly and since it's a local file it's always accessible.
I have mounted ~/nextcloud inside the Incus Nextcloud container as /data.
In Nextcloud I have mounted /data as a folder for my Nextcloud user.
In KeePassium on iPhone I have set it up to use WebDAV to my Nextcloud server and then chosen the keepass.kdbx file.
(This way I can also easily share any file between Linux and iPhone)
(I know there are other ways to do this, but since I want to always have access to keepass.kdbx on Linux even if Nextcloud is not running this solution best fits my needs)
#KeePass #KeePassXC #KeePassDX #KeePassium #Incus #Nextcloud #Linux #iPhone #Android #WebDAV #PasswordManager #PasswordManagers #Passwords
-
2FA only works if the factors are separate.
If your password manager holds both your passwords AND your 2FA seeds/backup codes, your "second factor" is not really separate anymore.
What I changed (and a checklist):
https://marcelbootsman.nl/two-factor-authentication-only-works-if-the-factors-are-separate/
-
8 Of The Best #PasswordManagers That Users Swear By
https://www.bgr.com/2042928/best-password-managers-according-users/
-
Your aperiodic reminder that Passkeys don't yet have any sort of universal import / export format (specified by FIDO or elsewhere).
** This means that OS level Passkey support is effectively vendor lock-in to that platform **
If you must or need to use Passkeys then you really do need to use a third-party password manager that supports Passkeys, cross-platform.
If you wish to move from Windows to Linux (or might be forced to move) then you need to take your Passkeys (and passwords) with you relatively easily.
If you currently use Windows and Android (for example) then cross platform is important. Third party password managers will enable this cross-platform flexibility.
Also remember that Passkeys are only as secure as the recovery mechanism, in the event you lose access to that service. This means you probably still need to have strong passwords and TOTP 2SA configured for accounts, especially important ones.
-
Question regarding #Passwordmanagers: do you use a password manager like #Keepass and #Nextcloud or #Syncthing to access your db from desktop/laptop and mobile? If so how do you do it? What app on #Android works well to access the database? How bad are sync conflicts? I've been using Firefox's internal password manager and #Firefox Sync but would like a dedicated password manager like Keepass instead. I already have a Keepass db but I only use it for select few places, especially things I don't typically access via web browser (playstation account, router ...). I have never used it from mobile yet, but would like to try.
-
Ooooo, that's terrible of Games Workshop.
They've got a competition in their newsletter. It involves using your MyWarhammer account to log into a third-party website.
Except that the third-party website has a "Log in with MyWarhammer" button that takes you to warhammer.europe.auth0.com.
And yeah, sure, it's from the official newsletter and they probably are just using custom branded Auth0. But password managers don't match that to login.mywarhammer.com, which is REALLY BAD because it's training people to put their credentials in to potentially fake phishing pages!
-
@keepassxc is now relying on #AI-generated code.
https://github.com/keepassxreboot/keepassxc/pull/12588
Switch to OG #Keepass or an alternative.
https://keepass.info/download.html
#security #cybersecurity #cybersec #InformationsmSecurity #InfoSec #PasswordManager #PasswordManagers