LastPass Password Manager - Time to move on?

flaneurs_lobster

I've been a customer for around five years and have a Family membership that costs (at last renewal) £48/year.

I was not too concerned when it was announced back in August that one of their development environments had been hacked but there had been no access to customer data. Since then the company has been investigating the breach and in a couple of further announcements (the latest yesterday) it seems the hack was far worse than first thought and customer's secure vault data has been copied, albeit still encrypted. 

If anyone's interested in more detail then have a look at any of the usual technical news sites.

I know no organisation's systems are ever 100% secure but the way LastPass' parent company has been less than forthcoming about this hack, together with their rush to a paid-for model after they were acquired a couple of years ago make me feel I should be looking for an alternative.  

Moving to another password manager would be a PITA, especially when a lot of effort has been expended persuading and training less tech-savvy members of my family in its use (and the quirks) and having to roll it out across 20-odd devices. My vault has close to 1000 entries.

Am I being over-reactive? What are the current options for password managers? Am I daft using a paid-for service and free Bitwarden would do the job just as well?

dogmaryxx

Am I being over-reactive? What are the current options for password managers? Am I daft using a paid-for service and free Bitwarden would do the job just as well?

Why not have a look at any of the usual technical  sites or try Google search.?

flaneurs_lobster

dogmaryxx said:

Am I being over-reactive? What are the current options for password managers? Am I daft using a paid-for service and free Bitwarden would do the job just as well?

Why not have a look at any of the usual technical  sites or try Google search.?

Because I value the experience and expertise of the participants on this forum (well, most of them). 

chrisw

I moved from LastPass to Bitwarden when they started charging for devices and it seems perfectly fine. It does everything I need.

 I guess there's no real world simple way of comparing security but I haven't had any advisories like the LastPass one.

400ixl

Bitwarden is a great open source vetted alternative and the migration is quite straight forward and it supports the favourite platforms. Being open source means that it has been and continues to be scrutinised by the security experts across the world.

I ditched Lastpass some time ago, it is on the whole a secure platform (even if their dev environment wasn't).

Migration is straight forward as I say so why not give it a go. I ran both in parallel for a while whilst I made sure it was the right move.

Import from Lastpass instructions at https://bitwarden.com/help/import-from-lastpass/

pmartin86

I moved over from lastpass to bitwarden a few months back after one of their "hacks" (Hard to keep track of which one as their reporting is..spotty) So far it's been great and the fact its free (for personal use) is just a nice bonus.

virgo17

I have used Keepass and KeepassXC for several years as I am not happy with placing my passwords anywhere on an internet site, no matter how secure or well encrypted it 'appears' to be.

Whilst I fully acknowledge that it is easier to access cloud based services from different locations, it is not for me.

There is a migration route from Lastpass to KeepassXC at the following page:-

https://www.securitybind.com/how-to-safely-migrate-from-lastpass-to-keepassxc/

Only caveat is that I have never done this so can't advise how useful or basic this might be.

RumRat

flaneurs_lobster said:

Am I being over-reactive? What are the current options for password managers? Am I daft using a paid-for service and free Bitwarden would do the job just as well?

Well, a little bit over-reactive, I'm sure you have read the blog linked to in the email, but, if you haven't, it answers all your questions.  Notice of Recent Security Incident - The LastPass Blog
That said, when they changed to only using it on PC or Phone and not both I downloaded Bitwarden and migrated all my passwords within about 2 minutes. So, now I run both with no problems.

flaneurs_lobster

Thanks for all comments. I've got six weeks or so before subscription renewal so I think I'll follow @400ixl 's lead and run Bitwarden in parallel on a couple of devices (PC & phone) and see how they compare. It does seem that I'd need the paid-for version of Bitwarden to get the Emergency Access functionality but even then it would still be less than half the price of  LastPass.

Thanks again.

Olinda99

The usual.technical.sites imply that as long as your master password is complex, not trivial and unique (not used anywhere else) then you will be fine.

400ixl

flaneurs_lobster said:

Thanks for all comments. I've got six weeks or so before subscription renewal so I think I'll follow @400ixl 's lead and run Bitwarden in parallel on a couple of devices (PC & phone) and see how they compare. It does seem that I'd need the paid-for version of Bitwarden to get the Emergency Access functionality but even then it would still be less than half the price of  LastPass.

Thanks again.

What do you want the emergency access functionality for?