Submitted by glawgii t3_ztx9k5 in technology
HanaBothWays t1_j1fux82 wrote
Typically they have handled hacks well in the past but they really screwed the pooch this time. If you are a LastPass user change both your master password and all your other passwords as well, starting with your most sensitive ones (email and finance).
If you haven’t used a password manager this shouldn’t put you off the idea, though. You’re still better off using one than not. But use BitWarden or something instead.
warchamp7 t1_j1gbthr wrote
How does BitWarden stack up against 1Pass?
HanaBothWays t1_j1gcbjd wrote
Do you mean 1Password? It’s free and open-source, unlike 1Password, although there’s nothing wrong with 1Password as such IMO. If you are using that, keep on using it.
sleepybrett t1_j1ghqpu wrote
Any password manager that makes you use THEIR SaaS Cloud bullshit to store your vault is a risk. I dropped 1Password when they dropped support for local vaults.
coldblade2000 t1_j1gryh6 wrote
Yeah. Bitwarden (Pro, I think) has official self-host options.
MCOfficer t1_j1hmj5i wrote
You don't need Pro to use Vaultwarden.
sleepybrett t1_j1i7qmx wrote
... and that's why I currently use it.
HanaBothWays t1_j1hidqx wrote
I do like being able to sync over the cloud but one should have options.
betweentourns t1_j1fxfgf wrote
>change both your master password and
Is it as effective to just deactivate your account? And then change your passwords, of course.
HanaBothWays t1_j1g0heq wrote
You have to go change them because the hackers might have accessed local copies, and if you deactivate your account first it is a lot harder to keep track of what you changed when.
Also I don’t know if you can still look up your passwords/have access to anything from your vault if you deactivate the account! I suspect you can’t. I use a different password manager.
moekakiryu t1_j1h1fl5 wrote
>Typically they have handled hacks well in the past but they really screwed the pooch this time.
Yeah that (and ease of use) was one of the reasons I actually went with LastPass - they actually have a known history of being open, and disclosing risks with customers. Even with a breach as big as this I would be a lot more forgiving if they hadn't already sent 2 alerts, both with the conclusion of 'it's not a big deal, they haven't accessed user data'. If there was even a risk (in hindsight there probably was) I would have liked to have been told about that.
>If you haven’t used a password manager this shouldn’t put you off the idea, though.
Agreed. As I've told a couple friends already, even with this breach where there's a risk that the hackers literally have a physical copy of my encrypted passwords, I'm STILL in a more secure position than if I hadn't used one at all. It's probably extremely difficult to impossible to get the passwords and even if they do, it only takes me an hour or two to fix that by rotating all of the passwords I have, thanks to having a giant list of what I need to change.