A floppy disk is pretty safe. Who out there still has a drive to read it?
haha fair point!
Hmm, you know that's a great point. Maybe I should get some floppy drives and disks that no one else can read.
Online Password Manager -> Pay, Don't own your most important Data
Offline Password Manager -> Don't Pay, Own your most important Data
a no brainer.
If you aren't stupid you can secure your offline password manager backups yourself.
🤷 it's a personal choice.
Looks like the crowd likes old school offline mode. My setup is having Vaultwarden in a home setup. The vault works offline if there's no internet access, but if it's online I just fire up my VPN back to my house and it connects to my Vaultwarden. It's not too difficult to set up but I feel it's a lot more secure and resilient in every way. I also run backup jobs of the vault to an external server.
That's a decent setup for remote use.
There are a lot of moving parts with online password managers. All it takes is one fuck all vulnerability.
Sure, you can look at LastPass as an example of when things go wrong. But if you have the right set of security controls, you can mitigate much of that risk.
It's all a matter of personal preference.
I use KeePass because I value security above convenience.
I do not entrust my data to 3rd parties. You see how many breaches occur online daily? All of them also say that users/customer data security is of utmost importance.
Those who value convenience above security choose iPhone.
Those who value security above convenience choose Android (with a more private OS of course, maybe GrapheneOS).
Like myself for example, I rarely if at all need to log in to accounts away from home, so portability isn't really needed in my case.
100% agree on personal preference. To get even more specific, it's personal preference + your risk profile. Some users are going to be more of a target than others. Those people should take extra precautions.
Imagine storing your crypto keys with online password manager? :O
You can do this with offline one and backup.
Online password vaults have more security? No, they don't. Did you forget how a developer had an ENTIRE unencrypted database of their customers (millions) logins and passwords on his laptop which got compromised through a Plex vulnerability? You're pumping incomplete and bad info out into the interwebs.
Check out my LastPass video that covers how that attack happened. The developer and LastPass as a whole do not have unencrypted copies of passwords. The attacker was able to gain access to backups that contained the encrypted vaults (which would require the master password of the user to unlock, which LastPass does not have).
Sync your password vault with Syncthing? Then you have it on the devices you own, and not in some Cloud
Interesting way to do it and definitely doable. If the risk was great enough, I could see that as a viable option. For me, I'd rather just go with a dedicated solution.
No. May as well give your password hashes to hackers to unhash now. It's your responsibility to update your offline data across your devices.
Most people are not going to be able to do this easily. The level of effort and associated risk does not overcome the convenience of using an online password manager.
Check out my other videos that discuss the security of specific online vaults to see the security features they have.
Bro u just mad cuz u didn’t organize good enough your passwords and u got stuck in airport cuz offline passwords are just so good. I use offline password manager on phone also, the KeePassXC.
The convenience of online password managers is so much easier than having to manage the offline versions.
@teachmecyber I also agree with u, and maybe for an average person who actually doesn’t have an extraordinary cyber life I would say maybe they work, but not everyone. For myself, as IT, I wouldn’t keep my password in an online service. I keep them offline because I believe more my server, for example, than a server of a password manager. Anything happens, cops want ur details. In paper password managers they don’t share the info with cops legally; what they do instead is they leave vulnerability in their service so the cops can get there themselves, and there u are with all ur passwords discovered by cops. There are thousands cases like that. And yeah, as for the service and the smoothness itself, is true, an offline service would never be able beat an online service, but passwords is all about security, so we go after the better security.
Punctuation is a thing @Zenit977
Couldn't agree more. I'm using Bitwarden browser extension myself, but am running my own version of their server software called Vaultwarden. Don't worry, I have it protected many different ways.
Sounds like a robust setup!
Don't be lazy, mate
😂😂
It’s all about the threat model at the end of the day.
I’m online too.
Except my million dollar Bitcoin wallet. That’s offline 😜
Best to keep that wallet in cold storage!
@teachmecyber It's in deep cold storage. That's like normal cold storage but a vendor slapped a fancy name on it!
😂😂😂 extra security delivered by the marketing team
I love floppy disks! lol
Old school! 😂
fed
😂😂
Um LastPass anyone?
Even with LastPass, the convenience and features are worth it.