With every tech writer recommending them LP was huge in size, so this was bound to happen. You live in a world that works a certain way, know how it works.

All cloud password management companies will become bigger targets for sophisticated government backed entities as they grow in size. You should expect breach notices written by lawyers and communications that are sanitized. You should expect online systems to get breached. Heck even the US government has spies and breaches. You'll have to pretend the same way on any system. People have been pretending that LP was somewhat more safe than any other organization. But the responses above in this thread are rock solid. Having said that, 1P's architecture seems significantly more robust on just the Secret Key alone. Likewise, 1Password (1 year in the cloud), Bitwarden (6 years in the cloud), etc., haven't had such breaches, but they're also younger cloud-based password managers. If LastPass kept showing exploit communities that 1) it can't reliably prevent breaches & vulnerabilities, 2) it won't be bothered to fix old security problems, then we should have expected that many exploits would sooner or later be chained to make the most disastrous breach possible: a complete export of all LastPass encrypted vaults. They're big, they're slow, and they're burying their heads in the sand. LastPass near-decade of failed firewalls, failed internal anti-phishing, failed security policies, etc. Hackers don't only target the biggest fish, but the largest weak fish. Even the infamous 2014 iCloud hack was via phishing (aka users themselves gave away their login credentials). Yet Google & Apple have suffered precisely zero (0) leaks of encrypted vaults over decades. Google and Apple, with their browser/OS-based password managers, hold over 10,000x more login credentials than every third-party password manager combined.
If Bitwarden ends up as the largest password vault provider (which is likely), they will be the target of the bad folks next. What's different? I moved from LastPass → Bitwarden → 1Password. I'd just search the subreddit for a company you like and you'll get enough lay opinions. We want to use a vault that the vendor treats like Fort Knox!!

Does anyone have opinions on this as it seems like everyone is saying that moving to Bitwarden, Keeper or 1Password is the answer but is it? If Bitwarden ends up as the largest password vault provider (which is likely), they will be the target of the bad folks next. Has anyone here done due diligence on the LP competitors as we will give up features if we know the vendors have really great internal setups? We do not want our password vaults ever in the hands of bad people (again) regardless of how well it's encrypted and we do not want to host ourselves.

Does anyone have any thoughts on this? Have only so far spoken with two alternative vendors and asked these questions but just get a load of sales BS. We are not asking about features or the native encryption of the vault, what we want to know is which LP competitor has much better internal security and process where the possibility of the vault being stolen is much less likely.