The most secure password is one you do not know and cannot recover by any means.

My banking account, for example, is now perfectly secure - having generated a new password for it, #LastPass then whisked away the box offering to save it to my vault. It's gone, man, solid gone.

Wonder if two password resets in quick succession will look particularly suspicious?

Edit: Yes, I can go back into the history and look. But I shouldn't have to do this when the app promises to handle it for me.

Feds Link $150M #Cyberheist to 2022 #LastPass Hacks

https://krebsonsecurity.com/2025/03/feds-link-150m-cyberheist-to-2022-lastpass-hacks/

I finally got my company completely off of #LastPass.

They slow-rolled account cancellation with questions from the account retention specialist, including offering 6 free months. While they slow-rolled us, they also billed our card for a full annual renewal.

When I demanded a refund, I got back: "Remember that, as per our terms of service, all payments you make to us are final and non-refundable. However, we've made a one-time exception for you. "

Bye, LastPass!

#lastpass Broke their own CLI tool for all who use it yesterday. No one from LastPass is commenting on the issue, leaving users to share workarounds with each other. https://github.com/lastpass/lastpass-cli/issues/653

CC: @1password

#LastPass has made it difficult to choose which "passwordless" login to use on desktop. Choices include:

1. Their browser extension with a history of vulnerabilities or
2. Their website, known for having more than a dozen third-party trackers on the front page.

Tough choice!

https://support.lastpass.com/s/document-item?language=en_US&bundleId=lastpass&topicId=LastPass/passwordless_authentication_overview.html&_LANG=enus

I notified #LastPass in early May that they have a security error on their homepage. It's still there. They don't care. They also wouldn't have the problem if they didn't have so many trackers on their homepage.

#1Password and #BitWarden are better options for password managers, among others.

@proactiveservices @airshipper It looks like #LastPass does at least turn off all the trackers on the login page. Do you see the same?

https://lastpass.com/?ac=1&lpnorefresh=1

The #LastPass home page right now. Yes, that's a security-related error.. with an third-party ad tracking service they use.

Allowing third-parties to inject code on to a site used for "Master Password" logins is bad news.

Ha, just having the idea and writing it down set me off in the right direction.

Here's the perfect integration I was looking for, already officially provided by #lastpass

https://github.com/lastpass/lastpass-cli/blob/master/contrib/completions-lpass.fish

It provides perfect tab-completion for the #Fish shell.

Now all I need to do is update my #Ansible code that automatically sets up my environment so this detail is preserved in my configuration.

The birds are singing, the sun is shining,
Maybe it's spring at last!

Or maybe I've just permanently deleted my Lastpass account

The floor is now open for nominations for best password manager.

I am **finally** reaching the end of the work required to leave Lastpass, curse its descendants, and forget its name forever. Not that I have strong opinions on this.

Looking for a replacement to work on and sync with PC and Android, needs to allow sharing between two users. Paid service is ok as long as not too expensive. Easy migration from Lastpass is a huge plus.

Suggestions?

I just visited the #LastPass website and there's a security problem on their homepage caused by a third-party tracking service they use. If LastPass is trying rebuild brand confidence for 2023, this isn't the way to do it.

Reminder, in case you needed it, to practice good password hygiene. And probably to avoid centralised password safe (erm.) solutions (erm no.) too.

Password safes generally are still the way to go. I just wouldn't put them on somebody else's computer

https://www.theregister.com/2022/12/23/lastpass_attack_update/ #LastPass