Reply to thread

Message

<blockquote data-quote="Wladimir Palant" data-source="post: 1056279" data-attributes="member: 89522">This isn’t really about online vs. offline. It’s possible to encrypt data in a way that it is safe to store online. But for that you have to understand crypto and to encrypt everything. Most popular password managers are doing an okay’ish job on that – there might be smaller issues, but these aren’t showstoppers. In case of a breach, only a few high-profile targets might have reason to worry. Also, the other password managers took the LastPass breach as an occasion to check their security, and they did improve things.LastPass is really exceptionally bad. Not only is it clear from their source code that they don’t understand crypto and never did. This is at least their third breach, and they failed to learn from any of them. Never mind their “regular” security issues where they received reports of issues in the same area again and again, being unable to fix things properly.</blockquote>

[QUOTE="Wladimir Palant, post: 1056279, member: 89522"] This isn’t really about online vs. offline. It’s possible to encrypt data in a way that it is safe to store online. But for that you have to understand crypto and to encrypt everything. Most popular password managers are doing an okay’ish job on that – there might be smaller issues, but these aren’t showstoppers. In case of a breach, only a few high-profile targets might have reason to worry. Also, the other password managers took the LastPass breach as an occasion to check their security, and they did improve things. LastPass is really exceptionally bad. Not only is it clear from their source code that they don’t understand crypto and never did. This is at least their third breach, and they failed to learn from any of them. Never mind their “regular” security issues where they received reports of issues in the same area again and again, being unable to fix things properly. [/QUOTE]

Verification