all InfoSec news
Bitwarden design flaw: Server side iterations
Almost Secure palant.info
In the aftermath of the LastPass breach it became increasingly clear that LastPass didn’t protect their users as well as they should have. When people started looking for alternatives, two favorites emerged: 1Password and Bitwarden. But do these do a better job at protecting sensitive data?
For 1Password, this question could be answered fairly easily. The secret key functionality decreases usability, requiring the secret key to be moved to each new device used with the account. But the fact that …
1password aftermath bitwarden breach data design device flaw job key lastpass lastpass breach people protect protecting question secret secret key sensitive data server server side usability