I am once again asking you to stop using LastPass. The company has a history of security issues dating back years, and has yet to make holistic security improvements — or, heck, even investigate incidents properly.

Good alternatives:

- 1Password is my #1 rec, best for most use cases
- Bitwarden if you want open source
- KeePassXC if you want local vaults and open source
- I hear ok things about Dashlane but don’t know a ton

https://blog.lastpass.com/2022/12/notice-of-recent-security-incident/

@jacob Do we have any real evidence that #1Password is any better? I do not think that lack of admitted breaches should be taken as evidence that none have occurred.

Any major password manager is going to be targeted by significant adversaries. I would suggest that having the encrypted databases compromised is par for the course and should be assumed into the threat model.

Is 1Password's model technically better than #LastPass, if we assume full DB access by an adversary?

@kadin @jacob
I'm also looking for an alternative. Seems just a matter of time before any of them has some sort of compromise.