Vincenzo Corleone
Full time employment: Posting here.
Joined: Jul 20, 2005 | Messages: 617
If you are willing to trust the extensive security measures a brokerage or bank website uses, then you should be even more willing to trust the very extensive security measures being used by companies like Bitwarden and KeePass.
I recently read through much of the Bitwarden FAQs regarding their encryption, storage, and security measures, and I'm convinced their open-source, extensively audited password manager app is essentially unhackable. Once you really understand the methodologies they're using, like "zero knowledge", salted and hashed passwords, etc., then you should be convinced that no hacker realistically could steal your data. This is probably also true for your brokerage/bank site data, but IMHO it's less clear for those sites because they are not open-source (i.e., their code is proprietary and private) and their security methodologies are not as transparent. The fact that you continue to use them, log into them, and have accounts with them implies a very high degree of trust, presumably based on their reputations and their "say so", whereas companies like Bitwarden and KeePass have gone well beyond that to openly demonstrate their rock-solid security measures.
I was a software developer myself, although I didn't specialize in password security. Isn't using salted, hashed passwords pretty basic security 101? Have no sites using salted, hashed passwords been hacked?
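As an added example, not part of the post above and not code from Bitwarden, KeePass or any other vendor, the following Python sketches the two mechanisms the post names: client-side key derivation that keeps the master password and vault key off the server (the "zero knowledge" arrangement) and salted, stretched password hashing. The second half runs a constructed leaked-database scenario to show what a per-user salt does against a precomputed guess table and what a work factor does to the cost of each guess. The user names, passwords, wordlist, email-as-salt convention and iteration counts are all assumptions made for the demo; the only external figure is OWASP's PBKDF2-HMAC-SHA256 recommendation, cited in a comment.

```python
"""Client-side key derivation plus a salted-hash cracking demo.

Constructed example for illustration. Not the code of any password manager;
the derivation layout, iteration counts and sample data are assumptions.
"""
import hashlib
import hmac
import secrets

# Demo work factors. OWASP's Password Storage Cheat Sheet recommends
# 600,000 iterations for PBKDF2-HMAC-SHA256; these are lowered to keep the demo fast.
CLIENT_ITERATIONS = 100_000
SERVER_ITERATIONS = 100_000


def derive_master_key(master_password: str, email: str,
                      iterations: int = CLIENT_ITERATIONS) -> bytes:
    """Client side. Salt with the normalized email so every device derives the
    same key. This key encrypts the vault locally and never leaves the client."""
    salt = email.strip().lower().encode()
    return hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt, iterations)


def derive_auth_hash(master_key: bytes, master_password: str) -> bytes:
    """Client side. One further one-way step from the master key produces the value
    sent for login, so the server sees neither the master password nor the vault key."""
    return hashlib.pbkdf2_hmac("sha256", master_key, master_password.encode(), 1)


def server_enroll(auth_hash: bytes) -> tuple[bytes, bytes]:
    """Server side. Salt and stretch the received auth hash again before storing,
    so a dump of the server database still cannot be replayed as a login."""
    salt = secrets.token_bytes(16)
    return salt, hashlib.pbkdf2_hmac("sha256", auth_hash, salt, SERVER_ITERATIONS)


def server_verify(auth_hash: bytes, salt: bytes, stored: bytes) -> bool:
    """Server side. Constant-time comparison of the re-derived value."""
    candidate = hashlib.pbkdf2_hmac("sha256", auth_hash, salt, SERVER_ITERATIONS)
    return hmac.compare_digest(candidate, stored)


# ---- What a salt and a work factor buy against a leaked database ----

def unsalted_hash(password: str) -> str:
    return hashlib.sha256(password.encode()).hexdigest()


def salted_hash(password: str, salt: bytes, iterations: int) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def crack_unsalted(leaked: dict[str, str], wordlist: list[str]) -> tuple[dict[str, str], int]:
    """One precomputed table serves every user: total cost is len(wordlist) hashes,
    however many accounts were leaked. Returns (recovered, hashes computed)."""
    table = {unsalted_hash(w): w for w in wordlist}
    recovered = {user: table[h] for user, h in leaked.items() if h in table}
    return recovered, len(table)


def crack_salted(leaked: dict[str, tuple[bytes, bytes]], wordlist: list[str],
                 iterations: int) -> tuple[dict[str, str], int]:
    """No shared table: each (user, guess) pair costs a full stretched derivation.
    Weak passwords still fall; the salt and work factor only set the price."""
    recovered, work = {}, 0
    for user, (salt, stored) in leaked.items():
        for guess in wordlist:
            work += 1
            if hmac.compare_digest(salted_hash(guess, salt, iterations), stored):
                recovered[user] = guess
                break
    return recovered, work


# Constructed sample data: three users, two with wordlist passwords.
DEMO_USERS = {"alice": "password123", "bob": "letmein", "carol": "xk9#Qp2!vL8r"}
DEMO_WORDLIST = ["123456", "password", "password123", "letmein", "qwerty"]


def demo(iterations: int = 2_000) -> dict:
    """Build both kinds of leaked database from DEMO_USERS and attack each."""
    unsalted_db = {u: unsalted_hash(p) for u, p in DEMO_USERS.items()}
    salted_db = {}
    for u, p in DEMO_USERS.items():
        salt = secrets.token_bytes(16)
        salted_db[u] = (salt, salted_hash(p, salt, iterations))
    recovered_u, work_u = crack_unsalted(unsalted_db, DEMO_WORDLIST)
    recovered_s, work_s = crack_salted(salted_db, DEMO_WORDLIST, iterations)
    return {"unsalted": recovered_u, "unsalted_work": work_u,
            "salted": recovered_s, "salted_work": work_s}


if __name__ == "__main__":
    print(demo())
```

Run it to see both attacks recover alice and bob but not carol; the difference is that the unsalted attack paid for five hashes in total, while the salted attack paid for a stretched derivation per user per guess.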