I disagree, at least in terms of open source solutions. Assuming Bitwarden isn’t altering their server implementation without telling anyone, it is basically impossible for them to be hacked in the way you’re thinking, as the servers do not hold any decrypted vault data. If the service is propreitary, you cannot trust that they are encrypting all contents before reaching their server.
Even a full plaintext master database password breach shouldn’t affect a competant user, as you should obviously be using 2FA with a cloud password manager.
And even if your master password and bitwarden 2fa leaked and someone gained access to your vault, any accounts with 2FA enabled (so long as you aren’t keeping 2FA keys in Bitwarden, please dont do that. [The same applies to KeePass]) can’t be compromised without your second factor.
I disagree, at least in terms of open source solutions. Assuming Bitwarden isn’t altering their server implementation without telling anyone, it is basically impossible for them to be hacked in the way you’re thinking, as the servers do not hold any decrypted vault data. If the service is propreitary, you cannot trust that they are encrypting all contents before reaching their server.
Even a full plaintext master database password breach shouldn’t affect a competant user, as you should obviously be using 2FA with a cloud password manager.
And even if your master password and bitwarden 2fa leaked and someone gained access to your vault, any accounts with 2FA enabled (so long as you aren’t keeping 2FA keys in Bitwarden, please dont do that. [The same applies to KeePass]) can’t be compromised without your second factor.