Sam (l33tminion) wrote 2022-12-29 06:04 pm
LastPast
Due to a recent security breach at LastPass, I've migrated to Bitwarden and rotated passwords (at least the most important ones).
I don't think my passwords were compromised by the breach; the attacker would need to break my master password to decrypt them. And I still think using a cloud password manager is a good tradeoff for the convenience of generating and recalling strong unique passwords. If you use the same password everywhere, there are lots of weak points that will compromise all your passwords. If you use a password manager, there's one hopefully strong point, plus the (also strong and unique) master password protecting access to that. But I am belatedly noticing that LastPass no longer looks like a strong point. This thread by former LastPass proponent Jeremi Gosney goes into detail, suggesting that cloud password managers are still a good tradeoff, but recommending Bitwarden or 1Password.