FizzleDec 29, 2022
Andrew Couts
If you're still using LastPass, you should really turn on two-factor on every account that offers it, change all your passwords, and switch to a new password manager thanks to the severity of its most recent breach, reports @lhn http://www.wired.com/story/lastpass-breach-vaults-password-managers
LastPass Data Breach: It’s Time to Ditch This Password Manager

The password manager’s most recent data breach is so concerning, users need to take immediate steps to protect themselves.

WIRED
Dec 28, 2022 at 7:55pmWeb
Show threadDan BauerDec 28, 2022
@couts @lhn whatever password system you use I’d advise you to turn on 2 step verification with every site that that offers that level of protection
Show threadStephen PaulgerDec 28, 2022
@grandhipoobah @couts @lhn Bitwarden, and possibly others, has a report of which of your accounts could be using 2FA but aren’t. Very handy.
Show threadJake Jarvis Dec 28, 2022

@aimaz @grandhipoobah @couts @lhn

1Password has an excellent UI for exactly this!

(don't go trying to hack me, 10 years of using 1Password means I have a lot of junk accounts laying around 🫣)

Show threadScott WillseyDec 28, 2022

@aimaz @grandhipoobah @couts @lhn yeah, 1Password does the same. It’ll also flag sites that have had known breaches so you know to change passwords there.

Good password managers have come a long way.

Show threadTHAT effin' Canadian guy....Dec 28, 2022
@couts @lhn Deleted my LastPass account, but now the question becomes....where do I find the time to change 1000+ passwords?.... 
Show threadAndrew CoutsDec 28, 2022
@VDA @lhn the struggle is real
Show threadTHAT effin' Canadian guy....Dec 28, 2022
@couts @lhn This'll take me years....
Show threadsladnerDec 28, 2022
@couts @lhn this such a bummer. As a longtime lastpass user, I have done all this article advises except switching to another manager
Show threadStephen DrennanDec 28, 2022
@couts @lhn
I use Dashlane. Which I think is OK, as they encrypt everything…?
Show threadAndrew CoutsDec 28, 2022
@AVO8OHM @lhn LastPass encrypts everything too. It’s more that the company has had multiple security incidents, and it’s not providing users with information they need to assess their risk.
Show threadAndrew CoutsDec 28, 2022
@AVO8OHM @lhn Sorry, not “everything”—it doesnt encrypt URLs of saved accounts, which could allow the attackers to target their cracking efforts
Show threadStephen DrennanDec 29, 2022
@couts @lhn OK, ta.
Show threadErin JonesDec 28, 2022
@couts @lhn Andrew, I have 670 passwords in LastPass. I've changed all my financial and social and shopping passwords. Serious question, how important is it for me to change everything else? It would take many days of work. How likely is it for the thieves to crack the vault with a good strong Master password?
Show threadAndrew CoutsDec 28, 2022
@lhn @erin You’re off to a good start! And there’s no easy answer here. Make sure to change your email passwords as those can be used for password resets and to mine a massive amount of personal information that might be used to crack other passwords, for phishing, or otherwise exploited.
Show threadAndrew CoutsDec 28, 2022
@erin @lhn Sorry I didn’t directly answer your question: Basically, prioritize the accounts that could be used to ruin your life in one way or another or be used to access accounts that could be used to cause serious damage or disruption in your life. I know this sucks, but start at the top and just chip away at it, and that’s the best your can do.
Show threadErin JonesDec 29, 2022
@couts @lhn Thank you!
Show threadCultured ShrimpDec 28, 2022

@couts @lhn thanks for sharing.

I no longer use LastPass.
An year ago I switched to BitWarden.
Do you know if BitWarden also has breaches? Is it a safer choice?

Show threadDaddy ~ GrouchDec 29, 2022
@couts @lhn
I have no interest in 2fa its a con!