@neil password managers are obviously high-value targets, but like security software in general, there is far more snake oil than genuine security. I've never trusted LastPass and 1Password. Closed source and loud marketing are a strong indicator of "avoid" as far as I am concerned.

I used to rely on the Apple Keychain, but now that I am moving away from Apple due to creeping enshittification I am relying on KeePassXC.

@neil I wasn't too worried about this at first, because my vault was secured way beyond the default level of pbkdf iterations and with a long unique password.

Then I discovered they didn't actually bother encrypting everything in the vault. Passwords, yes, but notes? Nope. WHAT?!

Absolutely unconscionable!

Dropped them in a second, moved to BitWarden and had a somewhat unenjoyable Christmas day cycling passwords just in case, because all trust in LastPass had evaporated.

@neil I tried to LastPass up several times at work, but every time their client software was such a bug filled mess, I was never able to complete the sign up; and also the thought process "if they can't reliably make a simple sign up form work, what are they like with security", needless to say I was unsurprised when the data breach was reported

vaultwarden is here:

https://github.com/dani-garcia/vaultwarden/

Your data, encrypted, on your own server. This works really well for family sharing too, in my experience.

@neil so... 75p per head?

That's what the ICO thinks personal data is worth, eh?

@neil Those fines are really too tiny.

@neil and it's because of that breach I'm now with @bitwarden