My bank, helpfully, reversed the last charge, but can't help me further, or stop them from trying again.

I contacted LastPass. They acknowledge I don't have an account, & that they have no basis for charging me.

Then they ended all further correspondence. Unhelpfully, I now get regular spam telling me how important my case is to them, but not engaging with me.

I just filed a #GDPR complaint with ICO, & we'll see how this goes ...

But - and I cannot stress this enough - #FuckLastPass.

@downey

and I rudely stepped in the thread and asked about 1Password - which is what I think Scott responded to 🙃

For #FuckLastPass I think the question whether the notes field is encrypted is still unanswered - which is driving me nuts as that's where people often store things that an attacker might find useful...
@scottlougheed @epixoip

@epixoip
Thanks for those great insights - I hadn’t seen the hash rate data / speed estimates before. So randos with a decent password should be “reasonably” safe. I use P@ssword4321 so I think I’m golden, 12 characters, upper case, lower case, numbers and special characters… 🤣

I did indeed spend several hours yesterday one by one going through each account in #FuckLastPass, changed the password, setup 2FA on the few where I didn’t have it, and added them to #1Password.
Fun.