That's not so bad. I swear sales is always a magnet for this shit. They constantly insist on integration with the most dogshit slop products.
I heard the saying, “LastPass is the Last Password manager you should ever use”. That was like, what, three breaches ago?
A separate mention should be made of PearPass. It is a new password manager with direct synchronization between devices without central cloud storage, storing data locally on your devices, and apps for major platforms.
PearPass is an interesting new option worth keeping an eye on.
At least it’s just Salesforce data and not actual vaults and secrets.
I moved away from these guys a long, long time ago when they started upping subscription costs.
When LogMeIn acquired LastPass in 2015 I moved to KeePass and haven’t looked back. If the word enshittification existed back then it would have applied perfectly.
I went with Bitwarden and signs are pointing to them going to shit now.
Maybe it’s time for me to keep ass.
keep ass with keepass
What signs are pointing to them going to shit? I don’t exactly keep up on this stuff, but I use their product and it is perfectly fine for me.
Sold to private equity and I think going closed source on some stuff IIRC.
KeePass & Syncthing has worked for years without an issue, even though my DB is opened on multiple devices at once. It is rare (once or twice a year) that I have a minor, easily solved sync problem.
I stopped my sub and haven't noticed any changes to service. The autofill was never used so I just log in to grab a password for old logins and they are there.
Left for Bitwarden after the first major breach. Sad. Such a good start back in the day.
Again? It happens a lot to them.
I self-host Vaultwarden on my server. I use the Bitwarden client to access my passwords.
Hear hear. Same here. Not an issue in 4 months.
LastPass is already on my ‘stay far away from’ list, and has been on it for years:
Haven’t used LastPass since the LogMeIn deal rubbed me the wrong way, went to Dashlane for many years but they had some security scares just recently. Now I self-host Vaultwarden, which is a Bitwarden-compatible server.
For maximum security I could have it local only and connect to it via VPN directly, but I put it behind nginx, with SSL, fail2ban with only my IPs whitelisted and a geofilter on top of that. So even if someone did manage to make it to the login page of the admin panel, they’d need a 30-digit passphrase and an email address username that only exists for that one application. Get it wrong once and you are blacklisted.
That would make me so scared. Imagine having 1 or 36 too many beers and you need to check your bank account to see if you can afford the 49th beer so you mistyped one digit of your passphrase and now locked out of everything.
The Klue supply chain attack was claimed by the Icarus extortion group, who compromised the infrastructure of the AI-powered market intelligence platform and stole OAuth tokens that connected customers’ Salesforce environments.
At least someone is finding good use for AI lol








