Wladimir PalantDec 26, 2022

Writing more about #LastPassBreach feels like beating a dead horse. But I had a look at the official statement again and it is highly misleading. I felt the need to provide some context that #LastPass is willingly omitting.

“Again, it seems that LastPass attempts to minimize the risk of litigation (hence alerting businesses) while also trying to prevent a public outcry (so not notifying the general public). Priorities…”

https://palant.info/2022/12/26/whats-in-a-pr-statement-lastpass-breach-explained/

What’s in a PR statement: LastPass breach explained

The LastPass statement on their latest breach is full of omissions, half-truths and outright lies. I’m providing the necessary context for some of their claims.

Almost Secure
Show threadYeleek
@WPalant great article. What would you recommend please for someone who wants a password manager on multiple devices, which supports yubikey and is better than LP?
Dec 26, 2022 at 9:56pmWeb
Show threadWladimir PalantDec 27, 2022
@yeleek Sorry, I’m a bad person to ask for recommendation. I wrote my own password manager because I was unhappy with my choices. From the products I looked at, 1Password is the only one I could recommend security-wise. But another security researcher I very much respect isn’t very fond of their vulnerability handling.
Show threadYeleekDec 27, 2022
@WPalant thanks anyway