Submitted by BasedSweet t3_10z1kx5 in technology
spsteve t1_j878g8s wrote
Reply to comment by FatedMoody in Millions of passwords stolen from LastPass earlier than company disclosed: Report by BasedSweet
What I meant by destroy the vaults is corrupt them. Then your devices sync the corrupted one. Done.
As for the use case, fair enough. I don't know I've ever had that issue as my physical devices all have passwords I remember and their passwords never leave my brain. If my physicals get compromised it is game over for everything else as far as I am concerned.
FatedMoody t1_j879aee wrote
Sure, OK, if there is a massive breach and that corrupts all your passwords and destroys backups but still allows it to sync with every device you have, destroying those copies, and those devices also don’t have backups, then yes, you might be in trouble. No solution is absolutely foolproof. However, what’s more likely: the scenario described here, or someone accidentally throwing away their password list or it being lost in some home accident? That’s literally a single point of failure.
spsteve t1_j87aknf wrote
Normally I would agree with you, but given the level of breach suffered here AND the ABSOLUTE lack of transparency by the company, I wouldn't rule it out as an unreasonable concern.
With all the government-supported bad actors in the world today, the threat landscape has changed. State-sponsored hacks designed to cause economic damage are becoming more and more commonplace. Sites like this are huge targets.
For the home user this is a difficult game, but for the enterprise a well-designed self-hosted solution (Bitwarden, for example) is the way to go right now IMHO.
Any of the big "public" cloud options are just too juicy a target. It is fairly trivial to set up your own reasonably redundant manager now if you're a company. The real issue is for the home user going forward. (But most home users have such horrible security posture I suppose it doesn't matter either).