It may seem like something trivial, but using a password manager is more important today than ever before. There are constant headlines talking about how a different app or service was breached. But what do you do if your favorite password manager is the service that was hacked, as is what we've seen with LastPass in recent months?
The market for the best password managers is rather fierce, even if there aren't as many options compared to something like a to-do app. LastPass is one of those password managers that has been around for quite a long time, as the app was introduced all the way back in 2008.
What's happened with LastPass?
Since then, the company made a few different changes, before it was acquired by LogMeIn Inc. in 2015. These included some rather divisive decisions, such as limiting the free version to only being available on one desktop or mobile device at a time, as opposed to having it accessible on both at the same time. Ultimately, this was a different way for LastPass to encourage users to pay for a premium subscription, instead of just sticking to the free version.
More importantly, LastPass has been the subject of a few major security breaches, something that can't be said for some of its strongest competitors. The first breach was discovered in 2011, as LastPass was forced to request that all of its users change their master passwords.
Multiple serious vulnerabilities and breaches have been revealed within LastPass over the past few years.
In August 2022, LastPass published a blog post and sent an email to users revealing that "an unauthorized party gained access to portions of the LastPass development environment through a single compromised developer account and took portions of source code and some proprietary LastPass technical information.” According to the LastPass CEO, none of the data within vaults or Master Passwords were compromised.
In December 2022, an update was provided explaining that hackers were able to "copy a backup of customer vault data from the encrypted storage container." However, the data was still secure due to the need for a Master Password in order to access the data. Unfortunately, some information that was accessible included names, email addresses, and phone numbers.
Fast forward to March 1, 2023, and another blog post was published by the LastPass CEO, providing even more information. LastPass maintains that it has "not seen any threat-actor activity since October 26, 2022." Additionally, there are two "Security Bulletin" guides that walk users through different ways to improve account security.
Can you trust password managers?
How often do you find yourself needing to log into a different app, website, or service on a daily basis? Chances are that you've already logged in, but if you just got a new phone and needed to transfer data from your old phone? Well, that means that you'll need to log back into everything.
Hopefully, you're not taking cues from your grandparents and just writing down all of your passwords in a notebook. Although, that's still massively more secure than just using the same password for all of your accounts. That being said, if you're not using a password manager already, we strongly recommend doing so.
All of this might sound a bit frightening and you shouldn't rely on password managers at all. A silver lining in all of this is that it just further drives the point home that you should keep your accounts as secure as possible.
Pretty much every password manager includes the ability to automatically generate a secure password. Arguably just as important is the need to use two-factor authentication, where possible. And if you want to go even further, you can use a hardware security key, meaning that your account can't be accessed unless that key is recognized.
Alternatives to LastPass that we trust
We're not going to go through the entire list of password managers that are available. However, if you're a LastPass customer and are trying to figure out where to go next, here are a few of our favorites.
