In 2022, LastPass suffered several breaches. In August, a threat actor got into the internal systems but LastPass said it wasn’t that serious. A couple of months later, LastPass confessed that the August breach was more damaging than previously thought – as proved by one more hack that resulted in stolen encrypted backup vaults of user data, unencrypted URLs, and credentials.
On Monday, LastPass came out with a new blog post regarding their past breaches, providing more details on what had happened. During the second breach, the threat actor took advantage of the vulnerability detected in the first incident.
“The second incident saw the threat actor quickly make use of information exfiltrated during the first incident, prior to the reset completed by our teams, to enumerate and ultimately exfiltrate data from the cloud storage resources,” LastPass claimed.
One thing is clear – your passwords on LastPass are no longer safe, and it shows.
This is just some additional icing on the already tall cake of LastPass’s errors. In March 2021, LastPass made the free version users choose between desktop and mobile devices without the option to use both. Maybe LastPass thought the change would prompt phone-and-PC-loving users to switch to the paid version and bring LastPass some sweet cash. But what the password manager got instead was a massive user base exodus.
But that mass fleeing from the fire is almost nothing compared to the one happening right now. LastPass had one job – to keep all of your data safe – and it failed miserably. For now, its good reputation is lying dead in a ditch, and we’re not sure if anything at all could bring it back to life. Nevertheless, LastPass is still grasping at straws in hopes of saving itself. It says that the stolen backup vaults are protected with powerful encryption and master passwords, making them virtually unbreakable. But the reality is different. A security expert from a rival company revealed that it would take barely any effort to break down the master passwords of LastPass users.
This revelation, together with the numerous breaches of user trust, is a red flag shining brighter than the LastPass logo.
Looking at the alternatives
The ideal password manager is one that works on several different devices and doesn’t make you choose. It also autofills your data and helps you keep all your difficult-to-crack passwords in one place. That’s just the basics, though. Tools like data breach scanners, the option to keep secure notes, and banking info are nice-to-have extras and often come with paid plans. Not so long ago, LastPass had it all – it was the perfect password manager. Our local Cybernews crowd was using it daily, too. But now that LastPass’s days are done, the need for an alternative is stronger than ever.
Luckily, while LastPass might’ve been everyone’s darling, it never was the only password manager. And the one password manager that might just be the perfect substitute is NordPass. It is a password manager from the company that made NordVPN, a very successful and secure online privacy tool. NordPass has never been breached and has passed an independent security audit – something that LastPass didn’t manage to do.
NordPass has a free version, which you can use on any device you want – no weird pressure to choose between your phone and computer. Though most importantly, NordPass keeps your data safe. Word on the street is that its security is definitely harder to crack than whatever LastPass had going on.
Besides the obvious password-keeping function, NordPass has some other neat features under its belt. My personal favorite is the reminder underneath each entry that this password is 90 days old, and may or may not be used for too many accounts. Love me nothing more than a gentle nag to keep my personal security up to date.
In all seriousness, I find such features as a data breach scanner for my countless personal and work emails quite comforting, even if it’s not something I use every day. It is always nice to be informed when my login credentials are for sale on the dark web.
And if anything, the option to sort things into little neat folders and upload not only passwords but also secret notes and credit card details just adds to the overall good experience with NordPass. And it maybe reminds me of LastPass a little, back when it was still good.
However, NordPass is not the only alternative to LastPass. There are plenty of other password managers out there, each with its own features and quirks, catering to different needs.
For example, RoboForm is one of the most well-known and one of the oldest password managers on the market. It’s been praised for being exceptionally easy to use and offers a truly extensive free version.
1Password is also one of the best. It is arguably the best password manager for families or multi-member households who share the same Wi-Fi and Netflix account. It’s very easy to manage permissions and shared vaults and still allow each user to have their own account for personal passwords and data.
To find more options and more details, you can check out our recommendations for the most secure password managers of all time.
If there is one thing that I want you to take away from this, it’s that you should leave LastPass. It was good while it lasted but now it’s time to pack your password folders and find a better place to store them.
The better place doesn’t necessarily have to be NordPass, though I do strongly recommend it. It could be any other password manager; just make sure that it is secure, hasn’t been hacked, and meets all your needs. And please don’t even think about keeping your logins in the notes app.