The Private Citizen 141: How LastPass Made Itself Obsolete


Thanks for calling me an insane geek! :) (I use KeepassXC, and I sync its database between my devices using Syncthing.)

But seriously, thanks for the episode! I was aware of the whole kerfuffle, but I didn’t realize it was a backup of unknown age that was exfiltrated. I stopped using LastPass in 2019 and deleted the vault, so I thought I was not affected. You’ve just prompted me to give my passwords a good revision, especially the old ones.

Thanks for the episode.

I am/was a LastPass user as well, although it seems that I was not burnt as much as you were; my iteration count was 100100.

When I first heard of the issue, the scope of the breach was not known, and I didn’t feel the motivation to change it, as the expectation was that even in the case of a breach, adhering to good practices should keep a user safe.

I still believe that I would not be affected, as I have a randomly generated master password.

But on further reveals, I also started to lose trust: on the one hand, regarding keeping URL data unencrypted, and on the other, the unjustifiable mess of keeping low iteration numbers.

For me, I believe that when LastPass started, it provided state-of-the-art protection, and maybe was one of the pioneers to bring password managers to the masses. But obviously, the landscape has changed, and it seems that it didn’t keep up.

So now I’m also making the switch to Bitwarden, which for now seems to be keeping up with the times.
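An added example, not code from the thread, the podcast or any password-manager vendor: it estimates how the PBKDF2 iteration count mentioned above (100100) and the entropy of a randomly generated master password scale the cost of offline guessing against a stolen vault copy. The low comparison count, the password length and alphabet, and the attacker speed-up factor are constructed assumptions, not measured figures.

```python
import hashlib
import math
import os
import time

def derive_vault_key(master_password: str, salt: bytes, iterations: int) -> bytes:
    """Stretch a master password with PBKDF2-HMAC-SHA256, the scheme password-manager
    vaults use; every guess against a stolen vault must repeat this work."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"), salt, iterations, dklen=32)

def seconds_per_guess(iterations: int, samples: int = 3) -> float:
    """Wall-clock cost of one derivation on this machine (best of a few runs)."""
    salt = os.urandom(16)  # constructed salt; only the timing matters here
    best = math.inf
    for _ in range(samples):
        start = time.perf_counter()
        derive_vault_key("timing-probe", salt, iterations)
        best = min(best, time.perf_counter() - start)
    return best

def password_entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a uniformly random password of this length over this alphabet."""
    return length * math.log2(alphabet_size)

def expected_crack_seconds(entropy_bits: float, secs_per_guess: float, attacker_speedup: float = 1.0) -> float:
    """Expected offline-guessing time: on average half the space is searched before
    the right password is hit. attacker_speedup models hardware faster than this
    core (an assumption the caller supplies, not a measured figure)."""
    return (2.0 ** entropy_bits / 2.0) * secs_per_guess / attacker_speedup

def compare_iteration_counts(entropy_bits: float, counts=(1000, 100100), attacker_speedup: float = 1.0) -> dict:
    """Expected crack time per iteration count; cost grows linearly with iterations.
    100100 is the count from the post above; 1000 is a constructed low value."""
    return {n: expected_crack_seconds(entropy_bits, seconds_per_guess(n), attacker_speedup)
            for n in counts}

if __name__ == "__main__":
    # Constructed scenario: 12 random characters drawn from a 62-symbol alphabet.
    bits = password_entropy_bits(12, 62)
    for n, secs in compare_iteration_counts(bits).items():
        print(f"{n:>7} iterations: ~{secs / 3.15e7:.3g} core-years to crack at {bits:.1f} bits")
```

The iteration count only multiplies the attacker's cost linearly, so a short or reused master password stays at risk no matter how high it is set; entropy is what moves the estimate by orders of magnitude.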