brainwane: several colorful scribbles in the vague shape of a jellyfish (jellyfish)
[personal profile] brainwane
Bad news about the LastPass password manager: https://blog.lastpass.com/2022/11/notice-of-recent-security-incident/
 We have determined that an unauthorized party, using information obtained in the August 2022 incident, was able to gain access to certain elements of our customers’ information. Our customers’ passwords remain safely encrypted due to LastPass’s Zero Knowledge architecture.
My friend Jacob writes:
 This is your regular reminder that if you're still using LastPass you should, uh, stop that.

It's not just this one incident; they've had a series of terrible incidents & appear to learn nothing. E.g.: E2E encryption is littered with bugs and has been broken/bypassed repeatedly. The master key is accessible by the server. Malicious plugins can exfil your master password. The support forum (phpbb) somehow knows your master password. And more.

This isn't about scorning; LastPass is actively unsafe and people need to not use it.
He and others recommend 1Password (paid, USD $34/yr) -- there are also other recommended alternatives in that thread.

(no subject)

Date: 2022-12-02 10:01 am (UTC)
bibliofile: Fan & papers in a stack (from my own photo) (Default)
From: [personal profile] bibliofile
I'll second 1Password, which I've been using for about a year. Makes life easy, as long as I remember the one password! The payment came to $38.55 with taxes & such.

(ETA: I picked it because it's recommended by Bruce Schneier, among others.)
Edited Date: 2022-12-02 10:01 am (UTC)

(no subject)

Date: 2022-12-02 10:22 am (UTC)
viggorlijah: Klee (Default)
From: [personal profile] viggorlijah
Damnit I just paid for LastPass

(no subject)

Date: 2022-12-02 02:37 pm (UTC)
moem: A computer drawing that looks like me. (Default)
From: [personal profile] moem
That's great information, thank you!
Just this year I finally switched away from using browser integrated password managers, and I'm now using KeePassXC. It has a really goofy name but I like that it's local to my machine... of course that means no synched anything. I'm fine with that.

Oh dear

Date: 2022-12-17 08:31 pm (UTC)
jesse_the_k: Text: "backbutton > wank / true story" with left arrow button (Back better than wank)
From: [personal profile] jesse_the_k

I've used 1Password since rocks were soft -- well, since version 3 in August 2011.

I've been increasingly frustrated with their lack of customer service -- you have to post a new thread in their public forum. Face ID hasn't worked in iOS since August.

I was looking to switch. Ugh.
