Privacy

36419 readers

698 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

Vaultwarden vs KeePassXC for extreme security (lemmy.ml)

submitted 3 days ago by agile_squirrel@lemmy.ml to c/privacy@lemmy.ml

12 comments fedilink hide all child comments

I was thinking about how all of my passwords are compromised if I have malware on my system. It made me wonder, does Vaultwarden or KeePassXC/KeePassDX offer better protection on a malware infected system?

Vaultwarden

Only accessed locally via LAN/VPN
Set up for 2 factor authentication using WebAuthn (FIDO)

KeePasssXC/KeePassDX

Synced locally via syncthing
Set up for 2 factor authentication using HMAC-SHA1 Challenge-Response
All clients blocked from internet access

I don't use browser extensions and I manually copy/paste my passwords to fill in entries.

KeePass has good memory protection, but the 2FA can be read from USB and doesn't change every time the database is decrypted. Vaultwarden enables the more secure FIDO2 2FA, but to my knowledge has less secure memory management as the entire entire database is decrypted on unlock.

you are viewing a single comment's thread
view the rest of the comments

[–] helpImTrappedOnline@lemmy.world 15 points 3 days ago* (last edited 2 days ago)

The way I see it, Password managers protect best against website password leaks.

By making it very easy to have different passwords for everything, one password leak won't compromise your entire online portfolio.

The self managed nature of keypass and vault warden makes them less susceptible to a major fup outside your control, i.e A business can't mismanage your passwords resulting in a major leak or deletion. For better or worse, you're in charge of your own database.

They won't protect you from various malware, except maybe a key logger that doesnt know how to copy the file? If someone actually wanted into your database without brute force, they could figure it out. If you find malware that's been on your system for a while (longer than you download something and AV stops it before running), change all your passwords. Luckily you'll have a handy list of everything.

Edit; another advantage is if they take over the computer/steal files there's not much they can do with an encrypted password file, its better than a txt doc with all your stuff.