
Well, based on what everyone fears is happening over at LastPass, attackers just download all the encrypted vaults, then brute force the master passwords.

I have a hard-to-guess master password, but it wouldn't surprise me if they could crack it with a 2026-vintage GPU farm.



Anyone who doubts you should run zxcvbn and more modern entropy estimators against their passwords. Our intuitions are not good. Offering password-based encryption to normal users is borderline unethical.
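An added example (not code from either commenter, and not zxcvbn itself) of why intuition misleads: it compares the usual "length times character classes" estimate with a rough pattern-aware estimate of the kind zxcvbn-style tools make, then turns the result into an offline guessing time. The word set, wordlist size, suffix alphabet, per-pattern bit costs and guess rate are all constructed assumptions.

```python
import math
import re
import string

# Constructed stand-ins (assumptions): sample words and an assumed attacker wordlist size.
COMMON_WORDS = {"password", "dragon", "welcome", "summer", "monkey"}
ASSUMED_WORDLIST_SIZE = 100_000
LEET_CHARS = "4@3105$7"
LEET = str.maketrans(LEET_CHARS, "aaeiosst")
SUFFIX_CHARS = "0123456789!@#$%^&*?."  # 20 symbols commonly appended


def naive_bits(pw):
    """Intuitive estimate: length * log2(size of the character classes used)."""
    pool = 0
    for pattern, size in ((r"[a-z]", 26), (r"[A-Z]", 26), (r"[0-9]", 10),
                          (r"[^a-zA-Z0-9]", len(string.punctuation))):
        if re.search(pattern, pw):
            pool += size
    return len(pw) * math.log2(pool) if pool else 0.0


def pattern_bits(pw):
    """Rough cost of guessing pw as <mangled dictionary word> + <0-4 char suffix>."""
    best = naive_bits(pw)
    for cut in range(max(0, len(pw) - 4), len(pw) + 1):
        base, suffix = pw[:cut], pw[cut:]
        if base.lower().translate(LEET) not in COMMON_WORDS:
            continue
        if any(c not in SUFFIX_CHARS for c in suffix):
            continue
        bits = math.log2(ASSUMED_WORDLIST_SIZE)      # which word
        bits += 1 if base != base.lower() else 0     # capitalised or not
        bits += sum(c in LEET_CHARS for c in base)   # ~1 bit per leet swap
        bits += len(suffix) * math.log2(len(SUFFIX_CHARS))
        best = min(best, bits)
    return best


def expected_days(bits, guesses_per_second):
    """Average time to hit the password: half the guess space at the given rate."""
    return 2 ** (bits - 1) / guesses_per_second / 86_400


if __name__ == "__main__":
    RATE = 1_000_000  # constructed guess rate; the real one depends on the KDF and hardware
    for pw in ("P@ssw0rd1!", "Summer2024", "q7#Vx2!mZp"):
        n, p = naive_bits(pw), pattern_bits(pw)
        print(f"{pw:12} naive {n:5.1f}  pattern-aware {p:5.1f} bits  ~{expected_days(p, RATE):.3g} days")
```

A password that matches no pattern keeps its naive score here, which only means this small model found nothing, not that the password is strong.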



