Lesley Carhart 
I’m worried about LastPass’ incident, but I’m equally worried about password managers of renown at all that have not recently disclosed any (data or code base) cybersecurity incidents. Any password manager is a huge, juicy target…
I’m also worried about all y’all going “lololol pEoPle UsE LasTPaSs” when getting just one person on a reputable password manager they’ll actually understand how to use is a massive, uphill battle.
David Anson@hacks4pancakes We probably agree there is SOME point at which everyone decides that storing passwords “in the cloud” is not safe even for regular folks. Even supporters of cloud solutions should be willing to acknowledge that. The question right now is whether this incident is bad enough for people to change their minds. To be honest, it sounds pretty bad and I doubt that most people will know they are affected or change all their passwords. So maybe this *is* a tipping point?
@hacks4pancakes From your other post: “If you use it, spend some time over the holidays changing all your meaningful passwords in it and your master password.”
I just don’t see regular people doing that even in the face of a breach like this. If so, then this scenario needs to be factored into the equation because it’s such a juicy target. This is a catastrophic failure mode that no amount of good practices by a user can prevent and that may be enough to rule out cloud storage?
I just don’t see regular people doing that even in the face of a breach like this. If so, then this scenario needs to be factored into the equation because it’s such a juicy target. This is a catastrophic failure mode that no amount of good practices by a user can prevent and that may be enough to rule out cloud storage?
@DavidAnson Cloud storage is a major factor in most people adopting password vaults, so I really think I’d lean on the strength of their master passwords over suggesting they essentially stop using password managers.