The August LastPass breach is worse than we thought. I've seen enough. If you use this service, time to dump them.
#cososec
https://twitter.com/SwiftOnSecurity/status/1606071798667173888
Update from a former LastPass engineer. It gets even worse.
https://twitter.com/ejcx_/status/1606428769731878913
@voltronic ...if you can. Last I checked the Cancel Subscription button was removed from the account management interface.
@kel
Are you f'ing kidding me? Shameful.
@voltronic Any other viable options?
As if I didn't have enough things on my to-do list already. 🤬
But I really appreciate you sharing the info.
@voltronic Yup. Time to dump them. Moved to 1Password 2 weeks ago. Today, changed banking passwords, didn't put new ones into LastPass. Changed master password and MFA.
@voltronic
Oh geez, I did not know this. Old client insisted I put it on my Chrome, so he could share his passwords. I never took it off when he stopped his retainer. Fortunately, I never used it for my own stuff. When I am at my desk again, I'll make sure to remove it.
I use the tried and true encrypted Excel spreadsheet with a pretty good password on it to open. It's also not on any cloud platform anywhere.
Thanks for letting us know!
@NaomiSkarzinski
I would not trust the encryption on an Excel sheet for a password database.
If you really want to avoid a cloud vault, look into LessPass or Spectre, described at the Privacy Tools website I linked. Or you can self-host a Bitwarden vault.
@voltronic Thank you. I will look at that LessPass when I am not tired. I really have concerns about having to go to the internet to generate passwords and the internet software is going to remember my passwords for me as long as I remember my master password and no one on the internet is going to get to all of my accounts by hacking my one master password.
In comparison to my encrypted spreadsheet on my hard drive, to which no one has access.
But, as I said, I'm tired, brain not full throttle. 🙂
@voltronic I dumped LastPass a couple of years ago.
Here are good alternatives. I use Bitwarden, as do many others here.
https://www.privacytools.io/secure-password-manager
At minimum, I would strongly urge all LastPass users to change their master password to something stronger than it currently is, AND change passwords for all accounts in your vault. Then, enable 2FA for all accounts that support it if you haven't done so already. (This is best practice, regardless.)