Haven’t used LastPass since the LogMeIn deal rubbed me the wrong way. Went to Dashlane for many years, but they had some security scares just recently. Now I self-host Vaultwarden, which is a Bitwarden-compatible server.
For maximum security I could have it local only and connect to it via VPN directly, but I put it behind nginx, with SSL, fail2ban with only my IPs whitelisted, and a geofilter on top of that. So even if someone did manage to make it to the login page of the admin panel, they’d need a 30-digit passphrase and an email address username that only exists for that one application; get it wrong once and you are blacklisted.
That would make me so scared. Imagine having 1 or 36 too many beers and you need to check your bank account to see if you can afford the 49th beer, so you mistype one digit of your passphrase and now you’re locked out of everything.