At this point, LastPass is a form of password sharing. No rational person should be trusting it.
If anyone wants an alternative, I'm a big fan of https://www.passwordstore.org/
Pass essentially takes your passwords, stores them in a regular file, and encrypts the file using GPG. These files are then stored in a folder that uses git to do version tracking of the files. All this means that:
- Pass can easily be distributed (you can sync your password across devices via GitHub, GitLab, or your own ssh/git setup)
- Passwords are encrypted using GPG, so unless someone has your private key they’re not decrypting anything
- It’s open source and there is a client for basically all operating systems
- If you can’t install a client or need to access a file, it’s just a regular encrypted text file, so you can decrypt it using GPG and edit it how you see fit.
Things that suck:
- Setup isn’t as easy as LastPass: you’ll need to generate a private key/public key pair. While this is fairly easy, sharing that key to your other devices can be hard, especially mobile.
- Your passwords are now protected with a key file, not a single password (most likely it’ll be a keyfile protected by a key), so you’ll need to make sure you back up that key.
- It doesn’t just work. If you want cross-platform usage, you need to set up your own cross-platform distribution method. Although the pass community basically uses git for distribution, so it isn’t horrible, but not as seamless as other products.