
LastPass downplayed the breach, and it turned out they had not properly encrypted data like the notes section. They should have been sued to oblivion, but they were able to weasel out of responsibility, so far.

LastPass had one job and failed it. Unforgivable that they knew their users' master passwords are not secure enough, but chose not to be vocal or proactive about it.

If you're using LastPass right now, move to more trustworthy options like 1Password, Bitwarden or KeePass. Do it today. And change all passwords that are meaningful to you.




Just for the record, they are being sued to oblivion:

https://www.courtlistener.com/docket/66607916/debt-cleanse-g...

You'd have to go study the case, but it's a class action case, so it'll hurt if they lose (and even if they don't). The court appears to be consolidating cases into this one, because LastPass has been sued in federal court 15 times so far:

https://www.courtlistener.com/?q=lastpass%20AND%20(caseName%...


I swapped to BitWarden a few years back and there was almost no friction - export from LastPass, import to BitWarden, get used to the inevitable handful of UI quirks, and you’re good to go.


I have been using 1Password for the last several years and am quite happy with them, except for the fact that they basically forced users to use their cloud offering with subscription as opposed to free iCloud storage after 1Password version 7.


Highly recommend Strongbox. The underlying DBs are KeePass DBs and can be stored anywhere as well as opened with any KeePass client, with a UI even better than 1Password (you can have columns for every field) as well as passkey support + export/import (even before the official method came out because they believe in you owning your own data).

I love it because Strongbox also has its own cloud feature (optional) that is just a hosted KeePass DB which makes it easy to have a shared DB with my partner.

The only downside for me: there isn’t a universal search that searches all DBs for credentials. So if you are in a browser and trying to autofill, you need to select the DB you want it to populate from.


Note that they’ve been acquired by Applause…


> except for the fact that they basically forced users to use their cloud offering

Yeah that's when I left 1P after having bought hundreds of dollars of licenses for myself and my family (for multiple OS).

The other big thing was self hosting the vault. You used to be able to sync the vault with Dropbox and access it from a browser but at some point Dropbox killed public folders. It would have cost 1P pennies to store the vaults of paying customers in S3 buckets. Instead they decided to use that as leverage to force people into subscriptions.

Very happy with Bitwarden now.


Does Bitwarden, when importing, support all data types of 1P, i.e. file attachments and various fields of various entry types?


No. I used both of them when migrating from LastPass, and found that Bitwarden only supports four or five types of entries, which ultimately drove me away from the product.

The rich entry types from 1P and LP are nearly all converted to Notes in Bitwarden. Great product otherwise.


With the way Apple is going in the UK, I'd rather give 1Password the keys to the kingdom.

Their whole raison d'etre is protecting your passwords. If they start selling people out, their business implodes.

They also keep adding thoughtful tweaks and new features. A couple years back I thought I'd give it a few years and then hop from 1Password to Bitwarden. But Bitwarden's UI and UX is still subpar (doesn't even support drag 'n drop..)*. All Bitwarden does is invest in enterprise features, which mean jack for the average user.

*dragging items from one vault to another, not a hugely important feature but Bitwarden has a thousand of these kind of paper cuts compared to 1Password


> With the way Apple is going in the UK, I'd rather give 1Password the keys to the kingdom.

What should Apple have done? Defy the government's order? Shut down entirely? They're already fighting it in court.


They didn't criticize Apple, they said they wouldn't trust them with their keys because of the UK's request.


Yes it’s annoying but it also means increased revenue which enables them to invest more in the product.

The new features released since I bought version 6 have me more than satisfied.

Also using a password manager is one of the most effective things you can do to protect yourself and paying a few bucks a month seems like a steal.


Yes, they felt very pushy with this & other tactics to get me to use new features.

That creates distrust in me, so I swapped to BitWarden and haven't looked back.


1Password is a good choice.



