Comment by Havoc
7 hours ago
After the LastPass fiasco I switched to selfhosting a password manager (bw).
Rapidly starting to think even a vibecoded solution may be a better plan than relying on commercial options. High risk of “don’t roll your own crypto” mistakes, but realistically that’s not the threat model here anymore for the random individual. It’s online breaches or perhaps a wrench attack, not a highly skilled crypto adversary. Plus there are probably ready-made crypto modules, so it wouldn’t be a true handroll.
Vibecoding a password manager might be the worst idea ever. You'd be better off with an encrypted Excel sheet. But otherwise, 1Password is great imo and there are other free open source password managers.
Actual password managers (e.g. not my old Excel sheet) protect you against URL doppelgänger and related phishing attacks, as well as incidentally discourage password reuse. 1Password can even now warn you if you try to paste into the wrong website (https://support.1password.com/browser-autofill-security/).
The LLMs also help a script kiddie become a highly skilled crypto adversary though.
Especially if the concerns around Mythos are well founded.
I wouldn't worry.
The mythical Mythos can't even find Claude Code bugs before releases.
True. No chance of me putting a DIY password manager on the open internet though. Would be behind WireGuard etc.
I don't think concerns around Mythos are well founded. Highly doubt it will happen.
The concerns around Mythos are not well founded