The attacks went from LastPass and over to BitWarden. After the attacks and smea... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		t-writescode on March 19, 2023 \| parent \| context \| favorite \| on: Bitwarden PINs can be brute-forced The attacks went from LastPass and over to BitWarden. After the attacks and smear campaigns, shall the people unwilling to use KeyPass and other high-lift/high-risk pieces of software move on to using tiered password strategies for their hundreds of sites again?

LelouBil on March 20, 2023 [–]

It's not really an attack.

Pin is obviously less secure (however this could be mitigated by using a TPM as other commenters said) but it's not the default.

Their help page on pin even warns about the security risk, they should have the warning in the application.

I'll still use bitwarden (without pin).

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact