• ebits21@lemmy.ca
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      Mostly a risk on initial setup.

      I’ve been waiting a bit for it to stabilize and just using huge random passwords

      • Zetaphor@zemmy.cc
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        If you’re using a password manager you’d be doing this for every site and without even having to think about it. Bitwarden is a great choice.

        • ebits21@lemmy.ca
          link
          fedilink
          English
          arrow-up
          1
          ·
          edit-2
          1 year ago

          Oh I do. Used Bitwarden for many years.

          I actually use keepass for totp codes too.

        • The Cuuuuube@beehaw.org
          link
          fedilink
          English
          arrow-up
          0
          ·
          1 year ago

          I like KeePass. Bitwarden currently has an nginx exposure in the Dockerfile published in their git repo (may have been fixed since a couple of days ago). That said, I used Bitwarden for many years and switched out of an abundance of paranoia, and am definitively not recommending against it. Just basically use one of the following:

          • Bitwarden
          • KeePass
          • 1password

          And stay far the fuck away from LastPass

          • delollipop@beehaw.org
            link
            fedilink
            English
            arrow-up
            0
            ·
            1 year ago

            my uni is currently still recommending lastpass as of now, tho I’ve heard they might be looking for alternatives …

            • The Cuuuuube@beehaw.org
              link
              fedilink
              English
              arrow-up
              1
              ·
              1 year ago

              Let your classmates know that last pass has semi permanently damaged their trustworthiness by trying to hide a security breach, and then downplaying the severity of the breach, and that your University’s security recommendations are intrinsically suspect as a result