"Complex" passwords are only hard to memorise because the rules provided for creating them don't take account of human psychology (or indeed in many cases, the mechanics of crackability). the complex passwords needed for security are particularly hard to memorise" Why has my last "Hello World" program measured 10 MB, while the first only measured under 512 bytes? HockeyApp itself may only be a component, but how about Xamarin? Firebase would be easier to replace since it is only a component. I think I will try pressuring the devs to consider replacing both. A healthy amount of skepticism will suspect HockeyApp of the same. NET and also a subsidiary company of Microsoft. Bitwarden is built using Xamarin which is part of the open source. HockeyApp for crash analytics, okay, I can understand the need to have data to improve the reliability. What else did Google embed in the push code? Even though the Bitwarden app may only be using the push functionality of Firebase to sync the database. Too many steps and unfamiliar actions for the typical end-user. I had no trouble switching to the F-Droid build. Not the best solution for the masses though. I did change to the F-Droid build to avoid the third-party code. With this news, I re-examined the situation. I checked this aspect out when I switched to Bitwarden. And, assuming the devs don't have a clue what their software is doing is insulting. I'm not saying he's wrong about LastPass but you can't just assume that because an app uses a particular analytics service that it is sending everything about you to them. If I use analytics in an app I know exactly what is being sent. If a service does not tell me what data it can collect and provide me control over what is collected then I won't use it. I know exactly what data is collected and transmitted to third-party services by my apps. Really they should work as devs before moving into security in order to understand how software works.įor example: "Even the app developers do not know what data is collected and transmitted to the third-party providers, said Kuketz" - Bullshit. > It's not enough to look at what frameworks an app uses with some rubbish toolĮxactly and I wish some of these security "experts" that I've invariably never heard of before would understand that. Turning off push notifications on a Bitwarden server will disable using the push relay server if you want to self-host. Please note, Firebase and HockeyApp are removed completely from the F-Droid build if you are interested in using that option. The HockeyApp is used for crash reporting. In the mobile app, the Firebase script is used for push notifications. Q: What third-party scripts, libraries, and services are used?Ī: Currently, we load third-party payment scripts from Stripe and PayPal on payment pages in the Web Vault. It's not enough to look at what frameworks an app uses with some rubbish tool, you also have to look at what exactly it does with it, and anyone can do that, because Bitwarden is open source and anyone can convince themselves that nothing is tracked there: They only use App Center to get crash reports and Firebase only uses the notification API for push notifications. You can avoid that by enclosing the URL in angle brackets, like this. While it is possible to set up triggers on the PC side to propagate edits made on the iPhone side, for me it wasn't worth the trouble.īTW The URL you posted doesn't work - because SF assumed the period was part of it. The sync instructions help, but you have to either avoid making changes on the iPhone, or else place two copies of the database in your Dropbox (one for the iPhone to use and one to sync to) and do all the syncing from the PC side - plus you have to remember to always re-import the database from Dropbox instead of just opening the copy that MiniKeePass has saved for itself, and to re-export to Dropbox afterward.Īfter much experimentation, I came to the conclusion that if you must have access to your passwords from your iPhone while also maintaining access from your PCs, the easiest way is to treat MiniKeePass as if it were read-only. kdbx file between my PC and iPhone, and found that MiniKeePass doesn't synchronize databases, i.e., it can't move any edits made on the iPhone to the PC without also obliterating any edits that were made on the PC in the meantime.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |