Oh Lastpass

tl;dr you had one job.

Facepalm: LastPass, one of the most popular password manager services out there, was breached this past August. The company is now saying that the damage done by the unknown hackers is much worse than was initially assessed. Users should change their passwords ASAP.

Yeah, having the actual vault stolen is unforgivable. I tweeted last week when I read the news.

Oh lastpass. Spending the day changing every password I ever had in the history of ever, moving to bitwarden, and setting my lastpass account on fire. How's your day going?

With every single password from my lastpass vault now changed (not updated in lastpass obviously) and added to Bitwarden, time to nuke the account from orbit. This was a satisfying confirmation to read:

Your LastPass account has been permanently deleted and all of your data has been purged from our systems.

more:
  1. martymankins says:

    I was, at one time, tempted by LastPass. But given my years-long use of both Splash ID and 1Password, that temptation was finally put to rest when LastPass pulled that "only one device supported with the free plan". I mean, I get the push to a paid plan, but at least support 2 devices to see how it works.

    Sorry to hear of this latest hack. But Bitwarden is a good choice moving forward.

  2. kapgar says:

    My company requires us to use LastPass and I wondered how that would play out with the LP founder's admission on their blog. Well, we're sticking with it. Apparently if we have master passwords greater than 12 characters (which we're required and enforced to) and that master password is not used on any application or site saved in LP, you're supposed to be fine. Not sure how that works out but that's above my pay grade. I do not use LP personally.