I use it currently, but I’ve seen a few people say it’s bad for privacy or something? Is this true? If so, what alternatives do you suggest?
You must log in or register to comment.
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
- Don’t promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
Chat rooms
-
[Matrix/Element]Dead
much thanks to @gary_host_laptop for the logo design :)
- 0 users online
- 14 users / day
- 18 users / week
- 24 users / month
- 15 users / 6 months
- 20 subscribers
- 619 Posts
- 1.56K Comments
- Modlog
I would assume the individuals who claimed BitWarden has privacy issues are not very well versed on the topic. If you wanted to check out some alternatives, a site I trust has the four highest rated password managers/generators from a security and privacy standpoint to be: BitWarden, LessPass, KeePassXC & Spectre. LessPass and Spectre generate passwords with no storage needs though. BitWarden is audited four times each year by a third party and I have only ever seen surface level issues identified which are always quickly amended.
LessPass and Spectre are really bad ideas. They sounded cool to me too until I thought about it more.
If your password for one site is compromised, you can’t change it, ever, which is already a dealbreaker. Moreover, the algorithm for creating the password is very fast - which means that if someone finds out your password for one service, they can brute force your master password extremely fast relative to other password managers. And they don’t even need access to your vault. Keep in mind, I’m not a security expert at all so I might be wrong about this.
Bitwarden and Keepass XC are the only password managers I recommend because attackers need access to your vault/database to be able to crack anything, and the cryptography used is intentionally slow as to make brute forcing less practical. The most ideal is to self host or use an offline database like Keepass does, which makes the risk of your database being compromised practically zero unless you’re some high profile target.