Critical 1Password flaws may allow hackers to snatch your passwords (CVE-2024-42219, CVE-2024-42218) (www.helpnetsecurity.com)

submitted 3 months ago by kid@sh.itjust.works to c/cybersecurity@sh.itjust.works

18 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[-] Crank_it@lemmy.world 6 points 3 months ago

That probably works well for people who are able to self host.

I use cloud password storage. I don't have the knowledge, time, or inclination to self host.

[-] Creat@discuss.tchncs.de 2 points 3 months ago

In this context "self host" can ironically mean using a cloud service for hosting. You can use a file based password manager and just sync the database. Solutions like KeePass have apps for many platforms, and they can often even directly load from cloud storage, like Google drive, OneDrive or DropBox. The password database is strongly encrypted, and even if your storage gets compromised, your passwords are still safe (assuming a good password or some then better security was used to encrypt it).

You give up the convenience of having a single service and having to get each device to access the file. But that's it. It's not that hard and so much better than a password service, even if just for their attack surface, or the "likely target" these are.

this post was submitted on 09 Aug 2024

98 points (99.0% liked)

Cybersecurity

5754 readers

166 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Be respectful. Everyone should feel welcome here.
No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
No Ads / Spamming.
No pornography.

Community Rules

Idk, keep it semi-professional?
Nothing illegal. We're all ethical here.
Rules will be added/redefined as necessary.

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !cybersecurity@lemmy.capebreton.social !securitynews@infosec.pub !netsec@links.hackliberty.org !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub

Notable mention to !cybersecuritymemes@lemmy.world

founded 1 year ago

MODERATORS

kid@sh.itjust.works

Lanky_Pomegranate530@midwest.social