jacobianNov 30, 2022

This is your regular reminder that if you're still using LastPass you should, uh, stop that.

https://blog.lastpass.com/2022/11/notice-of-recent-security-incident/

Notice of Recent Security Incident - The LastPass Blog

We are working diligently to understand the scope of the incident and identify what specific information has been accessed.

The LastPass Blog
Show threade. hashmanNov 30, 2022

@jacob And in the interest of "here are some good alternative password managers:"

- 1Password (paid, $34/yr) https://1password.com/
- Bitwarden (FOSS, free or low cost tiers) https://bitwarden.com/

People told me to move off LastPass for years but weren't very helpful with offboarding. 1Password is what I use now, it has much slicker autofill support and integrates well with Firefox on Linux and Android.

Password Manager & Extended Access Management | 1Password | 1Password

More than a password manager and leader in Extended Access Management. Secure all sign-ins to every application from any device with 1Password.

Show threadmike bayer  
@ehashman @jacob very high quality UX on both desktop and android are what i need which is why I dont want to bother with hand-rolled commandline tools etc. 1password looked kind of dorky some years back
Nov 30, 2022 at 10:34pmWeb
Show threade. hashmanDec 1, 2022
@zzzeek @jacob 1Password was lightyears ahead of LastPass, and the migration took 15 minutes. I regret not switching sooner.
Show threadmike bayer  Dec 1, 2022
@ehashman @jacob do they offer open standards TOTP for 2FA ? per https://www.tomsguide.com/news/lastpass-vs-1password they only support..."Authy and MSFT authenticator"? WTF ? no google authenticator etc. ?
LastPass vs. 1Password: Which password manager wins?

Find out whether LastPass or 1Password is the password manager that's right for you

Tom's Guide
Show threadmike bayer  Dec 1, 2022
@ehashman at the moment if im going to switch, running the bitwarden clone in a container is seeming most appealing at the moment
Show threadJonathan Kamens 86 47Dec 1, 2022
@zzzeek @ehashman @jacob Tom's is wrong. While 1Password lists Authy and Microsoft on their support article (https://support.1password.com/two-factor-authentication/) as the examples of Authenticator apps you can use, it's standard TOTP so you can use any Authenticator app, and WebAuthn as well. I don't know why the support article is unclear like this, but it's definitely ambiguity in the article, not a functional limit in the actual product.
Turn on two-factor authentication for your 1Password account

Learn how to set up two-factor authentication and manage your trusted devices.

1Password
Show threadmike bayer  Dec 1, 2022
@jik @ehashman @jacob good to know, that looked kind of alarming to see
Show threade. hashmanDec 1, 2022
@jik @zzzeek @jacob yup, this. I use a separate app for TOTP but 1Password supports it