I can't believe how absolutely reckless Lastpass has been with our data. I have a 23-character master password, which is very complex. But the fact that the hackers now have a complete roadmap to every URL I use and the ability to take all the time they need to crack my vault does not make me feel very secure. I think LastPass has failed at its core mission, which is to secure my data, which it failed at miserably.
While LP says, don't worry, your passwords are safe, I am still left feeling like an escaped child predator kidnaped my children. Nothing they do or say will make me feel any less like my skin is crawling; just waiting for the next update to this saga, where LP states, oh well, they do have access to your vault.
While I am preparing to dump LP for good, I can't help but wonder what a nightmare they have unleashed on scores of people who feel like I do. We paid good money for a secure method of storing passwords, only to be sold out by a bunch of bumbling, incompetent stewards of our data.
Please let me know if anyone has suggestions for the best LP alternative. Thank you.
indeed..now my account has been suspended after multiple login failure....what a wonker LP ...I have keep some sensitive info in it...and now LP has been hacked.... ROFL ..now I dont have any ideas how to login to LP to take back my sensitive info...
That the were breached is not what I hold against them. That they were breached in AUGUST and didn't reveal until December that vaults were stolen is where they right fully deserve castigation.
That they have stated that there were unencrypted fields (such as URLs) but haven't provided a COMPLETE list is also reckless. If, e.g. a password was stored in a note field by accident or on purpose, is it now exposed?
That they have NOT immediately rolled out features like sort password by age, or "here are the passwords that you should consider changing if you are worried about our data breach tells me that they foolish about data security, and not interested in keeping their existing customers.
There is no getting back what was stolen, but LastPass/LogMeIn could go a lot further to be good citizens of our most important data. There are credit cards, debit cards, VIN numbers a slew of personal bits of data in our vaults so the "Your vault should be secure" stance is FOOLISH thinking. Their lack of complete disclosure is also appalling.
The fact that I cannot, for example, methodically go through my passwords to change any of those that MAY have been leaked makes me realize I'll be better off finding a password manager that does provide this feature. I'll change my passwords as I import them into the new password manager since LastPass is providing no tools to do it.
Also, when other institutions have been hacked, they paid to protect their customers with automatic enrollment in Identity Theft protection services. LastPass isn't doing that, are they?
I can recommend 1Password as they seem very good so far and actually help with the cost of switching https://1password.com/switch/ - I'd already switched when I found this out but emailed support and they actually discounted my next years subscription
Also when looking into the data breach I found that there have been 7 other data breaches in the last 10 years at LastPass - this was the first time I'd heard about them....
I feel OK. I am responsible for my own digital safety. LP is like having a security guard with a copy of my house keys. We would never imagine for a moment that people never attack security guards.
LP is not there to take my responsibility. It's just a tool.
Somebody has hit our security guard over the head and stolen his lockbox, inside which are my housekeys.
I'm not going to fire the security guard and get someone else. That would not improve things and might make it worse. So I change the locks. I.e. change all my passwords. Which I should do every 3 months anyway. LP makes that easy.
Target URLs are already pretty easy to get, I'm not worried personally.
Expanding on your analogy what happens when the guard gets another bit down and they once again take the lockbox with your new keys inside?
If the guard is “free of charge” then I agree it’s on me but if you are paying for the guard what do you? Pay for him to take self-defense classes?
I could not agree more with the title of this thread. I was always a bit unsure of what I can put in the vault, come to find out the security of this company are fools. I am slowly updating passwords and deleting items from the vault and once that is done I am going back to the I use to handle my passwords. I do not think this company can survive this issue. idiots