this post was submitted on 18 Feb 2026
28 points (78.0% liked)


cross-posted from: https://infosec.pub/post/42164102

Researchers demo weaknesses affecting some of the most popular options

Academics say they found a series of flaws affecting three popular password managers, all of which claim to protect user credentials in the event that their servers are compromised.…

top 22 comments
[–] FriendOfDeSoto@startrek.website 45 points 1 day ago (1 children)

I appreciate the air of publicity this story brings.

You probably can't trust your password manager if it's compromised

In other headlines: water is surprisingly wet.

[–] nuko147@lemmy.world 8 points 1 day ago

Yeah, the title is not that informative.

[–] hexagonwin@lemmy.today 20 points 1 day ago

KeePassXC ftw

[–] url@feddit.fr 13 points 1 day ago (2 children)

I always keep my KeePass databases offline for good

[–] thermal_shock@lemmy.world 5 points 1 day ago

Bitwarden offers offline also. And self hosting I believe.

[–] nuko147@lemmy.world 2 points 1 day ago (2 children)

I need to search this KeePass. I read it in other comments, but I have never heard of it before.

[–] FineCoatMummy@sh.itjust.works 3 points 20 hours ago

KeePassXC is the way to go, IMO. It is wonderful. The password db is stored locally on your disk. It integrates nicely with Firefox and probably other browsers too. Open source, no spyware, "just works".

[–] detonational_VuSE@lemmy.ml 5 points 1 day ago (1 children)

It's pretty good. I was using pass but KeePassXC is easier. It also handles passkeys well. Here it is on Windows: https://portableapps.com/apps/utilities/keepassxc-portable. For Linux, just search for it in the package manager. Not sure about Mac.

[–] Scrollone@feddit.it 6 points 1 day ago

KeePassXC is also available for Mac.

[–] deadmyk@lemmy.world 7 points 1 day ago

In other news. Water is wet

[–] ScoffingLizard@lemmy.dbzer0.com 0 points 1 day ago (3 children)

Am I the only person here that never used one just because of this? They all sounded too sus to me.

[–] muhyb@programming.dev 13 points 1 day ago (1 children)

You can use local ones like KeePassXC.

[–] ScoffingLizard@lemmy.dbzer0.com 2 points 10 hours ago (1 children)

I have a degoogled phone with e/OS. I might try if they get a bit further into my use of their products and security. It sure would simplify methods.

[–] muhyb@programming.dev 1 points 8 hours ago

I have a similar setup with LineageOS. I use KeePassXC on PC (KeePassDX on Android). I can sync them via Nextcloud with peace of mind because the database is already encrypted. Syncthing-fork also works if you want completely local.

I'm sure e/OS already has a password vault app in their list but if not KeePassXC is fully local out of the box and can be used with DX on Android.

It's far more secure than Firefox's built-in password manager.

[–] autonomoususer@lemmy.world 6 points 1 day ago* (last edited 1 day ago) (3 children)

Keeping them in your head? So, your passwords must be shit, lmao.

Zero threat prioritisation.

[–] ScoffingLizard@lemmy.dbzer0.com 0 points 10 hours ago (1 children)
[–] autonomoususer@lemmy.world 1 points 6 hours ago

Shit passwords confirmed

[–] Tenderizer78@lemmy.ml 8 points 1 day ago

correct horse battery staple

[–] Horse@lemmygrad.ml 5 points 1 day ago (1 children)

for the average person's home pc, writing them down on a sticky note or notebook is sufficient
if someone unauthorized is physically in your house then you have bigger problems than them knowing your facebook password

[–] ShortN0te@lemmy.ml 1 points 14 hours ago

And those handwritten notes are secure random passwords and never repeat?

Just too much work for the average person and too inconvenient to type.

[–] ToTheGraveMyLove@sh.itjust.works 4 points 1 day ago (1 children)
[–] ScoffingLizard@lemmy.dbzer0.com 1 points 10 hours ago

I have a few that I just have off the wall for a few things and I memorize those. Some I just use ssh keys. Others go off a pattern and I put hints in a file to figure it out. The account itself is not even put in this file, so I have to just know what the hints mean for both the account and what password pattern hints go with them. Usually, the user IDs are something I store in this file, because those get too tough for the aforementioned methods of determinism.