…but what if the password manager company gets hacked?
Surely they have access to every user’s passwords to every site?
No, they don’t want your passwords.
If they could access your passwords it would be a huge liability.
They architect things so that your passwords are encrypted and only you have the key.
LastPass did get hacked a few years ago and they stole all their data, but all the attackers got was a list of people’s emails.
They are architected so that your pw creates the key; some others have an additional key as well. So I think it’s designed to avoid this, but some have recovery options as well so I won’t say it’s 100% safe in a hack.
Still this advice is many times better than the passwords most users pick on their own.
All passwords are encrypted using your master password. You’re the only one that knows your master password. There is no way for anyone to decrypt those passwords but you.
Even if the company gets hacked all the attacker would get is encrypted passwords.
[KeePass](https://keepass.info/) works with local databases.
[Bitwarden](https://bitwarden.com/) stores encrypted muddle on its servers. You can self-host it, then you store encrypted muddle.
Just use one like those two and you’re protected against that.
Don’t use a cloud-based one. My password manager is on a USB stick and backed up on local network encrypted storage. Even if someone gets the USB key, it’s encrypted and they can’t do anything with it. Even if they decrypt it, the master password is very complex, not easily crackable. Even if they get the password, they would require an additional key file which is stored elsewhere. This is about as secure as it gets, but some ease of use is sacrificed.
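The design the comments above describe (a vault key derived from the master password, optionally combined with a key file, with only ciphertext stored on a server or USB stick) can be sketched as follows. This is an added example, not part of the thread and not the code of KeePass, Bitwarden or any other product; the function names, the scrypt parameters and the way the two secrets are combined are assumptions chosen for illustration.

```javascript
const crypto = require('node:crypto');

// Derive a 256-bit vault key from BOTH secrets. scrypt is deliberately slow and
// memory-hard, so every guess against a stolen vault is expensive.
function deriveKey(masterPassword, keyFileBytes, salt) {
  // Hash the key file so a file of any size contributes a fixed 32 bytes.
  const keyFileDigest = crypto.createHash('sha256').update(keyFileBytes).digest();
  const secret = Buffer.concat([Buffer.from(masterPassword, 'utf8'), keyFileDigest]);
  return crypto.scryptSync(secret, salt, 32, { N: 16384, r: 8, p: 1 });
}

// Encrypt on the client. The returned record is everything a server or a USB
// stick ever holds: salt, nonce, ciphertext and tag, never the key itself.
function sealVault(plaintext, masterPassword, keyFileBytes) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12);
  const key = deriveKey(masterPassword, keyFileBytes, salt);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { salt, iv, ciphertext, tag: cipher.getAuthTag() };
}

// Returns the plaintext, or null when the password or key file is wrong or the
// stored record was modified (the GCM tag check fails in all three cases).
function openVault(record, masterPassword, keyFileBytes) {
  const key = deriveKey(masterPassword, keyFileBytes, record.salt);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, record.iv);
  decipher.setAuthTag(record.tag);
  try {
    return Buffer.concat([decipher.update(record.ciphertext), decipher.final()]).toString('utf8');
  } catch {
    return null;
  }
}

// Constructed sample data: a one-entry vault and a random 64-byte key file.
const keyFile = crypto.randomBytes(64);
const record = sealVault('{"example.com":"constructed-password"}', 'correct horse battery staple', keyFile);
console.log(openVault(record, 'correct horse battery staple', keyFile)); // the JSON entry
console.log(openVault(record, 'wrong guess', keyFile)); // null
console.log(openVault(record, 'correct horse battery staple', crypto.randomBytes(64))); // null
```

Someone who copies `record` still has to guess the master password through scrypt, and with a key file in use the password alone does not open the vault.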