Woke this morning to the news that my password manager of choice, LastPass, had a bug that (for the first time I can recall), put the passwords in the vault at risk.
In the linked article, Tavis Ormandy suggests dumping LastPass and going to another password manager. But to me that’s like when it starts to rain (no lightning) and you run under a tree. Eventually the rain works through the leaves, so now you go run for a different tree. Well, duh! The rain has worked through all the leaves on all the trees.
There’s no reason to think my passwords are more or less safe elsewhere.
And oh by the way as of this writing, LastPass has pushed a fix.
Jacques Paquin
Awwwwww crap!
Now I’ll have to make sure all my browsers have the updated addin. And while I’m at it I guess I’ll see if they fixed a bug/vulnerability that I noticed a while back with 2 factor. If not this will be the kick needed for me to let them know.
David Frier
I have not noticed the 2FA issue. I am using Google Authenticator but LastPass offers a lot of options.