Use the “passwords” feature to check if one of yours is compromised. If it shows up, never ever reuse those credentials. They’ll be baked into thousands of botnets etc. and be forevermore part of automated break-in attempts until one randomly succeeds.

  • KairuByte@lemmy.dbzer0.comEnglish
    3·
    2 days ago

    Just as an example, 1Password has a secondary encryption key that they can’t even recover. If you lose it, you’re fucked. I doubt the chances of that being cracked are any good at all.

    • sugar_in_your_tea@sh.itjust.worksEnglish
      2·
      1 day ago

      Bitwarden has no secondary key, and the master key is never sent to the server. All they get is an email address and encrypted data. If you forget your key, your passwords cannot be accessed, which means an attacker is screwed too.

      There are tons of ways to give yourself ways to “recover” your password that don’t compromise you in a breach scenario:

      • logged in devices - they have the key decrypted and can generate a new one, re-encrypt, and overwrite the data server-side
      • store a physical copy of the password at home somewhere (notebook?)
      • share passwords with a trusted person (SO) for critical shared accounts
      • securely store an unencrypted backup of your password vault (say, on a personal computer with full disk encryption)

      Maybe that’s how 1password works, idk, but I do recommend verifying that there’s no password recovery option on whatever password manager service you use.