undefined | Better HN

0 pointsxvector3y ago0 comments

The whole point of a password manager is that "access security" will fail at some point. That's the reason they are E2EE.

Every password manager is built with the idea that one day, the server will be hacked and the vaults will be free to download. The same goes for E2EE in general.

With this in mind, LastPass and Bitwarden's solutions are very poor and can result in most customers vaults being breached, whereas 1Password's secret key model stays strong.

0 comments

ketzu3y ago

> The whole point of a password manager is that "access security" will fail at some point. That's the reason they are E2EE.

Maybe that's a better way of restating my point that access security is not identical to the security of the password store.

> With this in mind, LastPass and Bitwarden's solutions are very poor and can result in most customers vaults being breached, whereas 1Password's secret key model stays strong.

While believable that most peoples passwords are weak enough to be broken, I wonder how many people actually have bad enough passwords to be reasonably decrypted.

I have no doubt about the security of 1passwords secret-key model being stronger - and I haven't seen anyone claim any different. At most I have seen anyone claim it is cumbersome and will get people to use no password manager instead (resulting in weak, reused passwords).

j / k navigate · click thread line to collapse