undefined | Better HN

0 pointsMaxBarraclough1y ago0 comments

Surprised to see Forget LastPass, as if it's the current incumbent. It very much isn't, at least in my perception. LastPass disgraced itself into irrelevance back in 2022.

https://en.wikipedia.org/wiki/LastPass#2022_customer_data_an...

0 comments

willis9361y ago

You wouldn't want to give free publicity to a serious competitor like btiwarden, 1password, or keepass.

avree1y ago

1Password is still around? I used to love it, then they changed the app, pricing schema, UX, and generally made things worse overall.

tiltowait1y ago

1Password is both still around and still the benchmark, much as that pains me to say given how much of a UX regression 1P8 was.

MobileVet1y ago

Wow. Each to their own I suppose. We have a corporate account and I think 1Password is pretty fantastic. Additionally, all of our employees are given family accounts, that include 5 individuals, for free. I highly recommend 1Password to everyone I know.

1 more reply

doublepg231y ago

I use 1Password daily but missed anything before this version switch-up I guess. I've got nothing but positive things to say.

fanf21y ago

2019: LastPass leaks credentials from previous site. https://bugs.chromium.org/p/project-zero/issues/detail?id=19...

2017: Design flaws in LastPass two factor authentication. http://www.martinvigo.com/design-flaws-lastpass-2fa-implemen...

2016: More LastPass security vulnerabilities. https://palant.de/2016/09/16/more-last-pass-security-vulnera...

2015: Even the LastPass will be stolen. http://www.martinvigo.com/even-the-lastpass-will-be-stolen-d...

BXlnt2EachOther1y ago

Off-topic comment to urge any LastPass users before Sept 16 2022 to please look into parent post's link. LastPass said accounts deleted before June 21 2022 were not affected if that's still up to date.

If I understand:

Attackers got access to LastPass's account data backups directly and in bulk. 2FA doesn't help here.

While LastPass since increased their password rounds for new accounts to 100k+, many users especially long-time users had them set well below and never updated. Reports of 5000 rounds, 500 rounds, ... even 1 round.

URLs were not encrypted. If you had sensitive URLs, I think you have to treat them as compromised. If you had crypto exchange logins or high-value URLs, I'd imagine you might attract extra attention.

[edit for typos].

jiveturkey1y ago

It's zdnet and the headline is designed as clickbait. LastPass is likely the most recognizable brand (LastPass claims #1 on their homepage) and among the knowledgable, it absolutely has among the highest recognition not to mention clickbait-worthiness.

The article text mentions 1Password as the first listed PWM product.

santoshalper1y ago

Maybe that's what they were going for?

j / k navigate · click thread line to collapse