LastPass was the first password manager I was aware of. The premise was simple: Using a LastPass account, you could store your website credentials in a “vault” on their servers. Your vault would be encrypted, both on their servers and in a local copy on your devices, to ensure that hackers couldn’t get to your logins even if there was a hack. The LastPass browser extension and mobile apps would then fill in your passwords for your accounts or generate a random secure password for your new accounts. All you needed to remember was your LastPass master password. It was simple, effective, and secure.
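The "encrypted vault, unlocked only by the master password" model described above is worth seeing concretely, because it is the whole reason a stolen copy of a vault is supposed to be useless to an attacker. The following is an added illustration written for this post, not LastPass's code or anything derived from it: a toy zero-knowledge vault using only the Python standard library. The master password is stretched with PBKDF2-HMAC-SHA256 under a random salt, the vault JSON is encrypted with an HMAC-SHA256 keystream in counter mode, and the ciphertext is authenticated with a separate MAC key (encrypt-then-MAC). The HMAC keystream stands in for the AES-GCM or XChaCha20-Poly1305 a real product would use; the iteration count, key layout and blob format are assumptions chosen for the example.

```python
"""Toy zero-knowledge password vault (hypothetical example, not LastPass code).

The server only ever stores the blob returned by encrypt_vault(); the key
never leaves the client because it is derived from the master password on
the device. A stolen blob is only as weak as the master password and the
cost of the key-derivation function.
"""
import hashlib
import hmac
import json
import os

KDF_ITERATIONS = 600_000  # assumption: a deliberately slow PBKDF2 work factor
SALT_LEN = 16
NONCE_LEN = 16
TAG_LEN = 32


def derive_keys(master_password: str, salt: bytes, iterations: int = KDF_ITERATIONS):
    """Stretch the master password into a 32-byte encryption key and a 32-byte MAC key."""
    km = hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"), salt, iterations, dklen=64)
    return km[:32], km[32:]


def _keystream_xor(enc_key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with an HMAC-SHA256 keystream (counter mode over a PRF); symmetric."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        counter = (offset // 32).to_bytes(8, "big")
        block = hmac.new(enc_key, nonce + counter, hashlib.sha256).digest()
        chunk = data[offset:offset + 32]
        out.extend(a ^ b for a, b in zip(chunk, block))  # zip truncates the last block
    return bytes(out)


def encrypt_vault(master_password: str, vault: dict, iterations: int = KDF_ITERATIONS) -> bytes:
    """Return salt || nonce || ciphertext || tag. This blob is all that is synced or stored."""
    salt = os.urandom(SALT_LEN)
    nonce = os.urandom(NONCE_LEN)
    enc_key, mac_key = derive_keys(master_password, salt, iterations)
    plaintext = json.dumps(vault, sort_keys=True).encode("utf-8")
    ciphertext = _keystream_xor(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, salt + nonce + ciphertext, hashlib.sha256).digest()
    return salt + nonce + ciphertext + tag


def decrypt_vault(master_password: str, blob: bytes, iterations: int = KDF_ITERATIONS) -> dict:
    """Verify the tag before decrypting, so a wrong master password or a tampered blob fails closed."""
    if len(blob) < SALT_LEN + NONCE_LEN + TAG_LEN:
        raise ValueError("blob too short to be a vault")
    salt = blob[:SALT_LEN]
    nonce = blob[SALT_LEN:SALT_LEN + NONCE_LEN]
    ciphertext = blob[SALT_LEN + NONCE_LEN:-TAG_LEN]
    tag = blob[-TAG_LEN:]
    enc_key, mac_key = derive_keys(master_password, salt, iterations)
    expected = hmac.new(mac_key, salt + nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong master password or tampered vault")
    return json.loads(_keystream_xor(enc_key, nonce, ciphertext).decode("utf-8"))


def stolen_blob_exposes(blob: bytes, secret: str) -> bool:
    """True if a secret appears verbatim in the blob an attacker could copy from the server."""
    return secret.encode("utf-8") in blob


if __name__ == "__main__":
    # Constructed sample data for the demo.
    vault = {"example.com": {"user": "alice", "password": "correct horse battery staple"}}
    blob = encrypt_vault("my-long-master-passphrase", vault)
    print("stored blob exposes password:", stolen_blob_exposes(blob, "correct horse battery staple"))
    print("unlocked vault:", decrypt_vault("my-long-master-passphrase", blob))
```

The thing to notice is what the server holds: a salt, a nonce, ciphertext and a tag, nothing that reveals a site password without first running the KDF against a guessed master password. That is also why the strength of the master password and the KDF work factor decide how much a stolen vault is worth.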
The key word in that last paragraph is “WAS”, as LastPass, since it was bought by LogMeIn in 2015, has experienced SEVEN security breaches and significantly worse responses to those breaches. LogMeIn had announced that they were spinning LastPass off as a separate company last year, which seemed like good news, though I had moved to BitWarden for my password manager by that point. Then came the latest breach, which occurred in August of 2022. At first, this just seemed to be another breach, with nothing to worry about as long as you changed your master password. Steve Gibson, host of the Security Now podcast on the TWiT network, gave more details on the breach shortly after it occurred during episode 886:
At the time, Steve stated that switching password managers was “an emotional decision as opposed to a rational decision” and that more information was needed regarding the latest breach before a rational decision could be made and chose to stay with LastPass at the time. As 2022 came to a close, however, that information came out, indicating that the breach was much more severe than LastPass initially let on. Don Pezet and ITProTV talked about how much worse the August breach was than we were led to believe in a recent episode of Technado:
Based on this new information, as well as how often LastPass was hacked over time, the time to leave LastPass is NOW. Fortunately, there are now plenty of excellent alternatives you can choose from to replace your LastPass account. These include:
Steve Gibson, who is now moving off of LastPass, went over these options during episode 906 of Security Now:
Are you a LastPass user? If so, are you staying with LastPass or are you moving to another option? Are you already on a different password manager? If so, which one and why do you like it?
I’m very happy with Keepass, which is free and open source
I haven’t played with KeePass in terms of an all-encompassing password manager, only when clients have it in their environment. Is there mobile support?
I moved to 1Password a few weeks ago, sadly not before my vault was stolen. I like the experience using it far better than LastPass.
Isn’t changing all of your passwords FUN? 😀