Personally I use KeePassXC + Syncthing, but Bitwarden/Vaultwarden is also great.
What’s somewhat amusing, for lack of a better word, is that even that advice doesn’t fully resolve the issue, as Troy himself recently was the victim of a phishing attack, where one part of the issue was that even legitimate sites change their sign-in domains frequently enough that you kind of become numb to when the auto-fill stops working and just “correct” the issue without the necessary due diligence.
The problem with domains is that regular people would need to know what a domain is and what verified ownership says about the account in question.
Even then, reading domains is quite difficult, even for people who know about the topic: Humans are Bad at URLs and Fonts Don’t Matter
Excellent post as usual from Troy, but use Bitwarden, not 1Password
That link was a super interesting read!