AidenDec 22, 2022

LastPass Leak Update: Encrypted Vaults Leaked, AND **URLs are not encrypted in LastPass**, so all URLs in your vault should be considered public information now, linked to your name and information. Goodbye LastPass, that's crazy bad by design.

Looking forward to Steve and @leo take on this in SN.

https://blog.lastpass.com/2022/12/notice-of-recent-security-incident/

Security Incident December 2022 Update - LastPass

We are working diligently to understand the scope of the incident and identify what specific information has been accessed.

The LastPass Blog
Show threadMattDec 22, 2022
@MarkWillard it is rare I have any sort of emotional response to a security incident but I’d be lying if I said this wasn’t infuriating.
Show threadjeremyDec 23, 2022
@matt @MarkWillard I’m tech-savvy adjacent, only enough to know to use a password manager. If the one I was using was, say, LastPass, should I disassociate from my annual payment plan immediately? And what one or two would you recommend instead?
Show threadMattDec 23, 2022

@jeremy @MarkWillard I won’t speak for Mark, but they’ve had a number of much less impactful issues over the years but this would be the point I’d move on.

I personally use 1Password and am quite pleased with it.

Show threadMark Willard Dec 23, 2022
@matt @jeremy agreed with Matt on both points. I've been using 1Password for about a year now and am really, really happy with it. I don't have personal experience with it, but I've also heard very good things about Bitwarden; which has a somewhat similar feature set to 1Password but unlike 1Password is free for individuals.
Show threadcharles
@MarkWillard @matt @jeremy I used to use Lastpass. I used 1Password briefly. I currently use Bitwarden and love it.
Dec 23, 2022 at 5:54amWeb
Show threadHastinDec 23, 2022
@charles @MarkWillard @matt @jeremy I'm lazyish and I use Microsoft Authenticator. Same password system as they use for their corporate auth, and I love that it can require a security key or my Windows Hello (Fingerprint/Face) login for unlocking. Solid Android app as well.