LastPass: It's not me, it's you
Losing trust never feels great, and sometimes it's time to move on.
It may seem like something trivial, but using a password manager is more important today than ever before. There are constant headlines talking about how a different app or service was breached. But what do you do if your favorite password manager is the service that was hacked, as is what we've seen with LastPass in recent months?
The market for the best password managers is rather fierce, even if there aren't as many options compared to something like a to-do app. LastPass is one of those password managers that has been around for quite a long time, as the app was introduced all the way back in 2008.
What's happened with LastPass?
Since then, the company made a few different changes, before it was acquired by LogMeIn Inc. in 2015. These included some rather divisive decisions, such as limiting the free version to only being available on one desktop or mobile device at a time, as opposed to having it accessible on both at the same time. Ultimately, this was a different way for LastPass to encourage users to pay for a premium subscription, instead of just sticking to the free version.
More importantly, LastPass has been the subject of a few major security breaches, something that can't be said for some of its strongest competitors. The first breach was discovered in 2011, as LastPass was forced to request that all of its users change their master passwords.
In August 2022, LastPass published a blog post and sent an email to users revealing that "an unauthorized party gained access to portions of the LastPass development environment through a single compromised developer account and took portions of source code and some proprietary LastPass technical information.” According to the LastPass CEO, none of the data within vaults or Master Passwords were compromised.
In December 2022, an update was provided explaining that hackers were able to "copy a backup of customer vault data from the encrypted storage container." However, the data was still secure due to the need for a Master Password in order to access the data. Unfortunately, some information that was accessible included names, email addresses, and phone numbers.
Fast forward to March 1, 2023, and another blog post was published by the LastPass CEO, providing even more information. LastPass maintains that it has "not seen any threat-actor activity since October 26, 2022." Additionally, there are two "Security Bulletin" guides that walk users through different ways to improve account security.
Be an expert in 5 minutes
Get the latest news from Android Central, your trusted companion in the world of Android
Can you trust password managers?
How often do you find yourself needing to log into a different app, website, or service on a daily basis? Chances are that you've already logged in, but if you just got a new phone and needed to transfer data from your old phone? Well, that means that you'll need to log back into everything.
Hopefully, you're not taking cues from your grandparents and just writing down all of your passwords in a notebook. Although, that's still massively more secure than just using the same password for all of your accounts. That being said, if you're not using a password manager already, we strongly recommend doing so.
All of this might sound a bit frightening and you shouldn't rely on password managers at all. A silver lining in all of this is that it just further drives the point home that you should keep your accounts as secure as possible.
Pretty much every password manager includes the ability to automatically generate a secure password. Arguably just as important is the need to use two-factor authentication, where possible. And if you want to go even further, you can use a hardware security key, meaning that your account can't be accessed unless that key is recognized.
Alternatives to LastPass that we trust
We're not going to go through the entire list of password managers that are available. However, if you're a LastPass customer and are trying to figure out where to go next, here are a few of our favorites.
1Password
1Password has been around even longer than LastPass, making its debut in 2006. The app was recently redesigned from the ground up with 1Password 8, and is available across pretty much every mobile and desktop platform.
Download from: Google Play Store
Bitwarden
Take most of the functionality that you'll find in 1Password or LastPass, make it free, and open source the work. That's where Bitwarden comes in, as it's also available on pretty much every major platform, but is completely free to use.
Download from: Google Play Store
Google Passwords
The last option shouldn't come as much of a surprise, but if you're using Chrome or Android, then Google Passwords is a fine choice. There's a good chance that many of your passwords are already saved, and Google is continuing to make improvements to turn this into a more robust utility.
Andrew Myrick is a Senior Editor at Android Central. He enjoys everything to do with technology, including tablets, smartphones, and everything in between. Perhaps his favorite past-time is collecting different headphones, even if they all end up in the same drawer.