This is your regular reminder that if you're still using LastPass you should, uh, stop that.
https://blog.lastpass.com/2022/11/notice-of-recent-security-incident/
@jacob reporting security incidents should be the norm but I'm sure there are countless instances where this is not the case. LastPass reported theirs now, I'm afraid that if they meet with scorn and hostility for it, their competitors (or themselves in the future) might decide against being open about this sort of thing.
Besides, since all data is E2E encrypted, it doesn't seem like this actually put users in danger this time?
@ambv generally I'd agree with you but this is different.
It's not just this one incident; they've had a series of terrible incidents & appear to learn nothing. E.g.: E2E encryption is littered with bugs and has been broken/bypassed repeatedly. The master key is accessible by the server. Malicious plugins can exfil your master password. The support forum (phpbb) somehow knows your master password. And more.
This isn't about scorning; LastPass is actively unsafe and people need to not use it.
@ambv I use and recommend 1Password.
AFAIK Dashlane is fine too — they've had some serious issues in the past too, but unlike LastPass seem to have fixed them all and are pretty solid now.
I believe Bitwarden is OK too, but have less info there. And I understand that KeePass and KeePassXC are good if you don't want a cloud component (but I do want a cloud component, so haven't tried them.)