> Ideally it's the responsibility of management, starting at the top, to think critically about what kind of software most benefits the company and reward those that do it.
I work as if that ideal is true, and can’t stand playing the game. But others are still playing the game and eventually they win whatever B.S. position it is that they aspire to, and I get removed from the board.
Centralizing everyone’s credentials after all these years still seems like the most risky idea ever. The only thing possibly more attractive to a hacker would be free sex and drugs, but only for a little while, and then they’d go back to trying to steal everyone’s credentials.
Some other targets: everyone’s PII, info on friends, family, pets, answers to security questions, mobile IDs, PIN numbers, account numbers, signatures, photos, fingerprints, voice patterns, facial and retinal scans, gaits, DNA, mitochondrial RNA.
I have similar gripes, but I still feel like on balance, randomizing passwords across accounts is more important. Selfhost vaultwarden ftw (or not — don’t f*ck it up)
The point is if they even have access to my encrypted data, they wouldn't be able to access the plaintext without the key (and yes the passphrase is not sufficient).
You are wrong; the article posted said the heists happened because of both a breach and cracking master passwords. LastPass E2EE relied on keys from the master password using a password hash that had a low iteration count. Therefore, low-entropy passphrases could easily be cracked. Furthermore, not all data was encrypted. This is all a weakness of their E2EE. 1Password uses both PAKE for remote authentication and a high-entropy key (128-bit) and therefore doesn't solely rely on a master password. There is an actual difference.
Of those links you posted, two of them could've equally affected a password manager that was local. All password managers can be subverted by external threats whether using cloud storage or not.
My point is, properly implemented E2EE (hopefully vetted by cryptographers) is marginally different to a password manager using local storage. Sure having it cloud hosted can affect more than one user, but attacking the ciphertext data would be infeasible.
I don't know what you mean by insufficient protection, but as I said proper E2EE implementation provides sufficient protection. A symmetric encryption scheme that satisfies IND-CCA2 with a high-entropy key is infeasible to decrypt without knowledge of the key. These are well-understood basics of cryptography. LastPass failed at the high-entropy key part / slow password hash, but also leaking metadata in plaintext. Pretty much other password managers don't have this issue, both local and cloud based.
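An added example, not part of the comments above and not LastPass's or 1Password's actual code: a generic sketch of the difference the comments describe between a vault key derived from the master password alone and one that also mixes in a 128-bit random key held on the device. All names, the iteration count, the passphrase and the wordlist are constructed for illustration.

```python
import hashlib, hmac, secrets
from typing import Callable, Iterable, Optional

ITERATIONS = 1_000  # constructed low iteration count, for illustration only

def password_only_key(password: str, salt: bytes) -> bytes:
    """Vault key derived from the master password alone (slow hash only)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def two_secret_key(password: str, secret_key: bytes, salt: bytes) -> bytes:
    """Vault key that also depends on a 128-bit random key kept on the device."""
    stretched = password_only_key(password, salt)
    # HMAC used here as a one-step expansion of the random key to 32 bytes
    expanded = hmac.new(secret_key, b"vault-key" + salt, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(stretched, expanded))

def verifier(key: bytes) -> bytes:
    """Stand-in for 'this key decrypts the vault': a MAC over a fixed label."""
    return hmac.new(key, b"vault-check", hashlib.sha256).digest()

def recoverable(target: bytes, salt: bytes, candidates: Iterable[str],
                derive: Callable[[str, bytes], bytes]) -> Optional[str]:
    """Audit helper: which candidate passphrase, if any, reproduces the verifier."""
    for guess in candidates:
        if hmac.compare_digest(verifier(derive(guess, salt)), target):
            return guess
    return None

def demo():
    salt = secrets.token_bytes(16)
    secret_key = secrets.token_bytes(16)   # 128 bits, never sent to the server
    master = "correct horse"               # constructed low-entropy passphrase
    wordlist = ["letmein", "hunter2", "correct horse", "password1"]  # constructed

    leaked_a = verifier(password_only_key(master, salt))
    leaked_b = verifier(two_secret_key(master, secret_key, salt))

    # Someone holding only the server-side data (salt + verifier) lacks secret_key.
    # For the two-secret scheme a fixed all-zero key stands in for their guess.
    found_a = recoverable(leaked_a, salt, wordlist, password_only_key)
    found_b = recoverable(leaked_b, salt, wordlist,
                          lambda p, s: two_secret_key(p, bytes(16), s))
    return found_a, found_b

if __name__ == "__main__":
    print(demo())
```

With the password-only derivation the weak passphrase is found from the wordlist; with the device-held key mixed in, the same wordlist finds nothing because the 128-bit key must be guessed as well.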
Just because it didn’t work for your hair doesn’t mean it wasn’t a good decision to eat it, though! I have ADHD, and broccoli (which has folate) helps me focus.
> and they mostly see Firefox as a monetisation vector.
They could’ve gone the Wikipedia route and heavily asked for donations, but, instead, they’ve chosen to sell user data. That’s why I must leave. At least Google was very obviously reliant on advertising. Mozilla had no excuse other than desperation and pure idiotic evil.
> One alternative recommended by the present article, Brave, is dabbling in ads as well
It blocks ads by default. It also doesn’t indicate it would sell my data. So, I’m using Brave or anything that doesn’t sell my data until Ladybird is available.
- Leaving my smartphone in the car in case I must MFA for work or have for safety... I’d love to use a flip phone or minimal smartphone that only had camera, FaceTime, maps and an authenticator; I could just delete apps, but I don’t want to be able to install anything that wastes my life.
- If others are watching streaming video, could go somewhere else to read.
But, I may not have adequate willpower, and I struggle to read.