Submitted by Skapanirxt t3_zswbmq in technology
Comments
9-11GaveMe5G t1_j1aprs6 wrote
> While no customer data was accessed during the August 2022 incident, some source code and technical information were stolen from our development environment and used to target another employee, obtaining credentials and keys which were used to access and decrypt some storage volumes within the cloud-based storage service.
> To date, we have determined that once the cloud storage access key and dual storage container decryption keys were obtained, the threat actor copied information from backup that contained basic customer account information and related metadata including company names, end-user names, billing addresses, email addresses, telephone numbers, and the IP addresses from which customers were accessing the LastPass service.
> The threat actor was also able to copy a backup of customer vault data from the encrypted storage container which is stored in a proprietary binary format that contains both unencrypted data, such as website URLs, as well as fully-encrypted sensitive fields such as website usernames and passwords, secure notes, and form-filled data.
So they didn't access customer data in August, just afterward while they were aware of the breach? Am I reading this correctly?
IAmTaka_VG t1_j1axyew wrote
Every time I come on this sub and see people recommend last pass I paste the Wiki on them.
https://en.wikipedia.org/wiki/LastPass
How those people still use that company blows my mind.
You want a free password manager?
- BitWarden
You want a paid password manager that has MORE features, and has literally NEVER HAD A BREACH?!
- 1Password
Both companies paid for external audits and both companies are just fucking awesome, and actually care about their users. You should see the hoops 1Password went through to finally satisfy its macOS users after switching from Native to Electron. I've never seen a company work that hard to prove themselves.
There's also local ones like KeePass and others, but you really should have some sort of backed-up password manager in case of catastrophic failure.
TLDR: I use 1Password, have for years and laugh at people who tell me LastPass is better because it's slightly cheaper.
IAmTaka_VG t1_j1ayaed wrote
They have everyone's vaults, but they don't have their passwords. So unless they take the time to brute-force the vaults open or social engineer the owners for the key, the data is safe.
CobraPony67 t1_j1b1yan wrote
Also KeePass. Local encrypted storage. Never rely on a cloud service for your vital information.
IAmTaka_VG t1_j1b75b4 wrote
I disagree to some extent. The world is built on cloud services. That doesn't mean it's a bad thing.
Relying on a service, however, that has had a dozen breaches is just fucking stupid.
CobraPony67 t1_j1bcl85 wrote
I store the KeePass file on Dropbox as well as back it up locally so it can sync with my computer and my phone whenever I make changes. At least with KeePass, if the cloud storage goes away, I have my own local copy.
IAmTaka_VG t1_j1bcsua wrote
If 1password shuts down i still have my local stuff as well. Either way, two good options
dubiousadvocate t1_j1c46sx wrote
Dropbox has had their issues.
CobraPony67 t1_j1cb9zw wrote
Yea, OneDrive or another cloud drive to make it easier. Definitely use a long password with letters, numbers, and symbols so the password file would be very difficult to decrypt.
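The offline brute-force that both IAmTaka_VG's "they have the vaults but not the passwords" reply and CobraPony67's "long password" comment above are talking about, as an added Python example that is not from this thread and is not LastPass's or KeePass's real file format. It models a vault blob with the shape the breach notice describes (URL in the clear, username/password fields encrypted under a key stretched from the master password) and then plays the attacker: guess master passwords against the stolen blob with no server, lockout or rate limit in the way. The iteration count, the toy HMAC-counter stream cipher (the standard library has no AES), the wordlist and the sample entries are all constructed placeholders, not any vendor's settings or anyone's real credentials.

```python
import hashlib
import hmac
import json
import os
import time
from typing import Dict, List, Optional, Tuple

# Placeholder KDF work factor for this model; not any vendor's real setting.
ITERATIONS = 100_000


def derive_key(master_password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Stretch the master password into a 32-byte vault key with PBKDF2-HMAC-SHA256.
    The iteration count is what makes each offline guess cost the attacker time."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"), salt, iterations, dklen=32)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy stream cipher: HMAC-SHA256 in counter mode, a stand-in for AES so the
    example runs on the standard library alone. Not for production use."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))


def seal_vault(master_password: str, entries: List[Dict]) -> Dict:
    """Build a blob shaped like the breach notice describes: the URL stays plaintext,
    username/password are encrypted, and an HMAC tag over the ciphertexts lets the
    owner (or a cracker) check whether a candidate master password is right."""
    salt, nonce = os.urandom(16), os.urandom(16)
    key = derive_key(master_password, salt)
    enc_key, mac_key = key[:16], key[16:]
    items = []
    for i, e in enumerate(entries):
        secret = json.dumps({"username": e["username"], "password": e["password"]}).encode()
        ct = _xor(secret, _keystream(enc_key, nonce + i.to_bytes(4, "big"), len(secret)))
        items.append({"url": e["url"], "ct": ct.hex()})
    tag = hmac.new(mac_key, json.dumps(items, sort_keys=True).encode(), hashlib.sha256).hexdigest()
    return {"salt": salt.hex(), "nonce": nonce.hex(), "items": items, "tag": tag}


def open_vault(master_password: str, vault: Dict) -> Optional[List[Dict]]:
    """Return the decrypted entries if the master password is right, else None."""
    salt, nonce = bytes.fromhex(vault["salt"]), bytes.fromhex(vault["nonce"])
    key = derive_key(master_password, salt)
    enc_key, mac_key = key[:16], key[16:]
    expected = hmac.new(mac_key, json.dumps(vault["items"], sort_keys=True).encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, vault["tag"]):
        return None
    entries = []
    for i, item in enumerate(vault["items"]):
        ct = bytes.fromhex(item["ct"])
        pt = _xor(ct, _keystream(enc_key, nonce + i.to_bytes(4, "big"), len(ct)))
        entries.append({"url": item["url"], **json.loads(pt)})
    return entries


def crack(vault: Dict, candidates: List[str]) -> Tuple[Optional[str], int, float]:
    """Offline guessing against the stolen blob. Every guess costs one full KDF run,
    and nothing but that cost slows the attacker down. Returns
    (recovered password or None, guesses tried, wall-clock seconds)."""
    start = time.perf_counter()
    for n, guess in enumerate(candidates, 1):
        if open_vault(guess, vault) is not None:
            return guess, n, time.perf_counter() - start
    return None, len(candidates), time.perf_counter() - start


def years_to_exhaust(bits_of_entropy: float, guesses_per_second: float) -> float:
    """Time to cover a keyspace of 2**bits at the given guess rate, in years."""
    return 2 ** bits_of_entropy / guesses_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    # Constructed sample data, not real credentials.
    entries = [{"url": "https://example.com/login", "username": "alice", "password": "hunter2-2020"}]
    vault = seal_vault("Summer2022!", entries)
    print("stolen blob exposes the URL in the clear:", vault["items"][0]["url"])
    wordlist = ["password", "123456", "letmein", "Summer2021!", "Summer2022!", "Winter2022!"]
    found, n, secs = crack(vault, wordlist)
    rate = n / secs
    print(f"recovered {found!r} after {n} guesses ({rate:.1f} guesses/s on one core)")
    # A random six-word passphrase is roughly 77 bits (assumed figure); even at a
    # far higher GPU rate the keyspace does not get exhausted.
    print(f"77-bit passphrase at this rate: ~{years_to_exhaust(77, rate):.3g} years")
```

The point the two comments make falls out of the numbers: the URL list is readable without any guessing at all, a master password that appears in a wordlist falls in seconds, and the only thing standing between the attacker and the encrypted fields is how many guesses the KDF forces them to pay for times how many guesses a long random password needs.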
this_barb t1_j1eevst wrote
LastPass has also passed external audits. They are SOC compliant among other things.
Furry_Badgers t1_j1amr6d wrote
Days since Lastpass security incident:
Yes