[Updated] LastPass password manager breach 2022: What we know & the best alternatives
New updates are being added at the bottom of this story…….
Original story (published on December 23, 2022) follows:
LastPass is a password management service that lets users store and manage their passwords and other sensitive information in a secure and convenient way.
It is available as a browser extension for Chrome, Firefox, Safari, and other browsers, as well as a standalone app for both desktop and mobile devices.
LastPass password manager breach
According to reports, it was revealed earlier this month that the popular password manager, LastPass, had a massive data breach in August 2022.
An attacker gained access to the development environment and was able to access sensitive information like the source code. While the company did try to downplay the situation, users are now finally getting the truth.
For anyone using LastPass a breach reported this week – they accessed backup customer data. Using a password manager for unique passwords across apps and services is better than not doing it. While unfortunate, these things might happen as we balance security with convenience.
lastpass breach, if you want my advice? don’t use a password manager. any password manager. ever heard of a single point of failure?
The news has understandably caused a great deal of concern and frustration among LastPass users.
Many have taken to social media to express their concern and irritation, with some being skeptical of using any password manager service.
Questions are being raised about LastPass’s security measures and about the fact that they didn’t do enough to protect consumer data.
Some even pointed out that the company uses PBKDF2 encryption which has fewer iterations than the recommended OWASOP (the Open Web Application Security Project) method.
A breach like this is sure to leave a scar on the trust of its users. It is pretty understandable if some of them want to switch over to other potentially more secure password managers in the market.
We’ve done the hard work and created a list of popular and safe password management solutions that are trusted by many.
Here are some of the best alternatives to LastPass:
1. 1Password: It’s a password manager that comes with AES 256-bit encryption and only you get access to the decryption keys. Designed from the ground up to protect you from data breaches, 1Password is a great choice on any given day.
2. Bitwarden: Completely open-source and probably the most secure one on the list. The best thing about open-source code is that it’s consistently moderated by thousands of users to maintain full transparency.
And don’t worry, your passwords can only be encrypted by you. One can start with the free plan and then decide to pay for the premium options.
3. KeePass: Another great open-source alternative that is lightweight and easy to use. Also uses popular encryption methods like AES-256, ChaCha20, and Twofish.
4. Dashlane: As claimed by the developers, Dashlane is a password manager that has never experienced a data breach. It is a simple and intuitive password management solution that comes with a plethora of other features.
The LastPass password manager breach was a strong reminder of the importance of choosing a reputable and secure password manager as well as the need to regularly update and secure online accounts.
Keep tabs on this story as we will update it with further developments.
Update 1 (March 03, 2023)
11:28 am (IST): LastPass just announced an update in regard to the recent security concerns. They have also shared some guidelines that can help users protect themselves.
You can also check out the following in order to gain better insight into the said update.
Backups of ALL customer vault data, including encrypted passwords and decrypted authenticator seeds, exfiltrated in 2022 LastPass breach, You will need to regenerate OTP KEYS for all services and if you have a weak master password or low iteration count, you will need to change all of your passwords
PiunikaWeb started as purely an investigative tech journalism website with main focus on ‘breaking’ or ‘exclusive’ news. In no time, our stories got picked up by the likes of Forbes, Foxnews, Gizmodo, TechCrunch, Engadget, The Verge, Macrumors, and many others. Want to know more about us? Head here.