BOLO: Is LastPass on its Last Leg?! ð§ Is it time to get a new password manager? ðģ
There has been a lot of development in the LastPass debacle since I reported last month. Now, as 9To5Mac reports, the news gets worse for LP and its Customers! In short, LP Customer's vaults were actually hacked. Contrary to LP, the ability to hack LPC's passwords could just take two months and $100 versus the two or more "millions of years" LP claimed its security provides. And that is not even the last of the bad news.
As Wladimir Palant of Almost Secure (via TechMeme) reports: There are many more "misstatements" made by LP that LPCs should be aware of! If you are a LPC and an attorney, you need to check on your passwords and other information you relied on LP to protect. I would do this IMMEDIATELY.
I would also encourage you to switch password managers. I use (and currently not getting anything free from) 1Password. I pay for a family subscription. 1Password has an extra layer of security built into the program that LP lacks. 1Password's software provides a computer-generated security code in the user's program/app. So, a hacker would need both its user password and the user's app-generated password in order to open a 1Password vault. In other words, a breach of just your vault password is not enough to steal your guarded passwords, protected information, etc. A hacker would need the other key too.
Yes, you probably still need to update your password minder from LP, even as passkeys are soon making the concept of computer passwords the way of the dodo bird! But the idea of passkeys replacing passwords is a story for another time. Meanwhile, make sure your passwords are protected!!!