It hasn’t been a particularly good few months for LastPass, one of the most prominent password managers in the world.
Should you opt to use one, a password manager is one of your first lines of defence in your cyber security arsenal. Having it breached can range from ‘less than ideal’ to ‘catastrophic’.
Well, that’s exactly what’s happened to LastPass. Again.
LastPass has been pwned
You might recall our report from a few months ago in August that the service had suffered a data breach. In that incident, an unauthorised party gained access to the company’s source code and “other proprietary information”.
Well, whoever gained access is back for another attempt, this time using information gained from the first breach to target a third-party cloud storage service that LastPass uses.
That allowed the threat actor to “gain access to certain elements of our customers’ information,” reads a statement issued by Karim Toubba, LastPass CEO, on Wednesday, 30 November.
Luckily, thanks to the service’s zero-knowledge architecture, LastPass customer password vaults “remain safely encrypted”, continues the statement.
Well, that’s the story they’re going with. While we have no reason to believe anything to the contrary, we’d also like to remind everyone that there are plenty of other password managers out there. You needn’t be beholden to this one just because it’s the one you’ve always used.
Dashlane – This is another trusted and well-established password manager that is feature-rich and easy to use. The free version is limited to 50 passwords. The paid-for version is a little pricey but offers more than most competitors.
Bitwarden – Bitwarden is an open-source password manager that features a fairly comprehensive free tier but doesn’t offer many bells and whistles. It doesn’t limit the number of stored passwords or devices used, but the user interface isn’t that welcoming to new users.