![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png)
Bad news about the LastPass password manager: https://blog.lastpass.com/2022/11/notice-of-recent-security-incident/
We have determined that an unauthorized party, using information obtained in the August 2022 incident, was able to gain access to certain elements of our customers’ information. Our customers’ passwords remain safely encrypted due to LastPass’s Zero Knowledge architecture.My friend Jacob writes:
This is your regular reminder that if you're still using LastPass you should, uh, stop that.He and others recommend 1Password (paid, USD $34/yr) -- there are also other recommended alternatives in that thread.
It's not just this one incident; they've had a series of terrible incidents & appear to learn nothing. Eg: E2E encryption is littered with bugs and has been broken/bypassed repeatedly. The master key is accessible by the sever. Malicious plugins can exfil your master password. The support forum (phpbb) somehow knows your master password. And more.
This isn't about scorning; LastPass is actively unsafe and people need to not use it.
Oh dear
Date: 2022-12-17 08:31 pm (UTC)I've used 1Password since rocks were soft -- well, since version 3 in August 2011.
I've been increasingly frustrated with their lack of customer service -- you have to post a new thread in their public forum. Face ID hasn't worked in iOS since August
I was looking to switch. Ugh.