mushroom_daddy Posted December 1, 2022 (edited)

LastPass has reported another security breach, and as I understand it, not for the first time. I do like to think that Enpass is the best of the bunch, with the encrypted database stored in your own vault, but then if you sync that in the cloud (Dropbox, Google Drive, etc.) to access anywhere & anytime, are you really any safer? Just how secure is any password manager? Discuss! At the end of the day, I guess, if it's in the cloud it could get hacked – but if encrypted, what are the real chances of any comprehensive password data being recovered by the hacker?

Ivarson Posted December 1, 2022 (edited)

Enpass plays a lot on the card that their infrastructure doesn't hold any vaults, and therefore is more secure and compliant. Might be true. But any modern and proper password manager implements zero knowledge anyway, meaning that even with access to your vaults, they would never gain access to the keys needed to decrypt. In both cases (Enpass with local/sync vault, and cloud-based managers with vaults on the vendor's cloud), it's imperative that the software lifecycle is secured. With Enpass being closed source and having more and more bells and whistles that make outbound calls, it's especially crucial. Also known as the supply chain vector. They've partially addressed that by recently getting ISO 27001 certification.

Discordant Posted December 24, 2022

The threat actor got a copy of everyone’s encrypted vaults. Sure, they were encrypted, but you can be sure there are a lot of people who used easy-to-guess master passwords. You know that a lot of people are going to have a lot of very private info go public at some point. People don’t only store login data in their LastPass vault. I’m glad Enpass supports using offline local vaults. It is safer.

Discordant Posted December 27, 2022

Discussion of the hack from a security researcher: https://palant.info/2022/12/26/whats-in-a-pr-statement-lastpass-breach-explained/