Use the “passwords” feature to check if one of yours is compromised. If it shows up, never ever reuse those credentials. They’ll be baked into thousands of botnets etc. and be forevermore part of automated break-in attempts until one randomly succeeds.

      • Ex Nummis@lemmy.worldOPEnglish
        0·
        3 months ago

        These kinds of breaches are at the site level. Not much you can do as a regular user if the company doesn’t hash or salt their passwords, for example.

        • Joeffect@lemmy.worldEnglish
          1·
          3 months ago

          Not from what the article says

          involves compromised download links and trojanized versions of the legitimate KeePass application that appear identical to the authentic software on the surface, while harboring dangerous capabilities beneath.

    • Godort@lemmy.caEnglish
      0·
      3 months ago

      I assure you, the rare security issues for password managers are far preferable to managing compromises every couple weeks.

      • Ex Nummis@lemmy.worldOPEnglish
        01·
        3 months ago

        I’ve only really been in one breach. This one is actually a breach of a “security firm” (incompetent idiots) who aggregated login data from the dark web themselves, essentially doing the blackhats’ work for them.

        This is also EXACTLY why requiring online interactions to be verified with government ID is a terrible idea. Hackers will similarly be able to gain all possible wanted data in a single location. It’s simply too tempting of a target not to shoot for.

        • Darkassassin07@lemmy.caEnglish
          0·
          3 months ago

          I currently have 110 unique user+password combos. I wouldn’t want to change all those even once, if I were breached and had used similar credentials everywhere.

          Bitwarden keeps them well managed, synced between devices, and allows me to check the whole database for matches/breaches via haveibeenpwned integration. Plus because I prefer to keep things in-house as much as possible, I even self-host the server with vaultwarden walled off behind my own vpn, instead of using the public servers. (this also means it’s free, instead of a paid service)

          • ryannathans@aussie.zoneEnglish
            0·
            3 months ago

            For everyone else reading, bitwarden is an open source free password manager. The pro features are less password related and more about sharing access, file storage, and 2fa authenticator integration

            • Darkassassin07@lemmy.caEnglish
              1·
              3 months ago

              Fair point.

              The self-hosting part was mostly about total control over my own systems and less about the paid features. It’s very much not necessary.

              As far as pro features go, It was the TOTP authenticator integration that was kind of important to me. ~20% of my accounts have TOTP 2fa, and bitwardens clients will automatically copy the latest 2fa code into the clipboard when filling a password.

              Bitwarden will even tell you if a saved account could have 2fa (the service offers it), but it’s not setup/saved in bitwarden atm.