- Millions of people use password managers. They make accessing online services and bank accounts easy and simplify credit card payments.
- Many providers promise absolute security – the data is said to be so encrypted that even the providers themselves cannot access it.
- However, researchers from ETH Zurich have shown that it is possible for hackers to view and even change passwords.
I use one of the password managers mentioned in the article, purely for the convenience of apps on all my devices, syncing and complex individual passwords. Should I be looking to move to self hosting something instead? Would my host (likely a synology Nas or raspberry pi) not then have the same risks?
I believe Proton Pass does not have the design flaws shown in the article. For instance, if you lose your password, you lose your data. Your data is encrypted and decrypted on your device.
This is what all the listed password manager claim.
I self host via vault warden. And I have it locked behind tailscale vpn. Aside from your server itself getting hacked, which is a risk, this is more secure than having passwords on the public internet.
I host a pi hole via diet pi already, vault warden is packaged for diet pi already, project for the weekend!
Love the raspis, just make sure the passwords are not stored on the sd card because those fail all the time hah.
Security through layers. The flaws found here are about compromised server, so hosting your own server is a good first step. Next step is making the server only accessible via your own VPN. And of course hardening the server.