I've been using 1Password for many, many years with a local vault. I never needed a crazy master key because, I mean, there were no remote login concerns. To be clear, my master key isn't weak. It's just something I've used for a long time.
I've been with Bitwarden for SIX whole days and I got an email that someone logged into my Bitwarden account from the other side of the world. I'm furious. I'm sure they immediately exported my entire vault, and now I have to go through and change 300 passwords.
It's definitely my fault because I was SO used to how I'd been doing things before, I didn't even think about the fact my master key was now vulnerable. I was apprehensive about not using a local vault in the first place, and now I'm even more turned off by it.
UPDATE: I wrote this at the apex of frustration. Let me clarify, I understand this was my fault. This isn't about bad security, this is about the fact I didn't fully allow myself to recognize the security differences in the two different ways of hosting my passwords — hopefully I can save someone in the future who goes down the same path as me. My password I was using was *completely fine* for a locally hosted platform where it would never touch the internet. It was absolutely not okay with a hosted password solution.
I focused on changing my email, banking, web hosting, utility, and ecosystem passwords. I will spend the next several days doing the next 250.