OppositeCode
OppositeCode t1_j1gxq1f wrote
Reply to comment by jashsayani in The Lastpass hack was worse than the company first reported by glawgii
This changes from user to user. In my situation, I'm not in the Apple ecosystem. I use Windows, Apple, and Android. This is where third-party password managers shine. Usually, they have extensions and apps for each OS. If each major OS had its own password manager, in my situation, it would be completely useless.
OppositeCode t1_j1gxe32 wrote
Reply to comment by scruffles360 in The Lastpass hack was worse than the company first reported by glawgii
Yes, unless you are logged in, your vault won't be decrypted. I assume you mean something similar to this? https://bitwarden.com/help/uri-match-detection/ https://bitwarden.com/help/website-icons/
Correct me if I'm wrong, but I assume the website match should be done locally, otherwise it would be encrypted. https://bitwarden.com/help/what-encryption-is-used/
Browser extensions are a weak point, but they also prevent everyday people from getting phished: if the domain does not match, you won't be able to fill in your information (since it won't show).
As always, if you don't trust the cloud, you can either self-host or use a local password manager.
OppositeCode t1_j1g29qx wrote
Reply to comment by colonel_beeeees in The Lastpass hack was worse than the company first reported by glawgii
Well, I personally trust my current password manager (Bitwarden). When you save your account to that password manager, it is supposed to be fully encrypted and uploaded to the cloud. This is so that if there is a breach, the hackers only have your encrypted information (essentially useless).
In the case of this LastPass hack, the URLs of accounts weren't encrypted while the rest of the usernames and passwords were. This can lead to phishing attacks attempting to gain access to that website's account.
There are also local password managers; however, I decided against them, as they are not convenient for my personal situation. I started with LastPass but switched to Bitwarden after they implemented their single-device policy. As of now, Bitwarden has not been breached. With the code being open source, the ability to self-host, and the developers being responsive and open to suggestions, it has earned my trust.
OppositeCode t1_j1g14xm wrote
Reply to comment by Useless_Advice_Guy in The Lastpass hack was worse than the company first reported by glawgii
From a privacy standpoint, you should change passwords (especially your master password). The hackers have the URLs for accounts of LastPass users (as they weren't encrypted). So it is recommended to change passwords for "important accounts" (emails, financials, etc.).
You can then slowly go through your other passwords and change them, like the next time you visit the site. Also, don't use LastPass any longer; if you want to keep using a cloud-based password manager, I recommend Bitwarden for free users.
OppositeCode t1_j1gz5yx wrote
Reply to comment by scruffles360 in The Lastpass hack was worse than the company first reported by glawgii
I'm not a developer, so it would be your best bet to ask in different subreddits such as r/privacy, r/PrivacyGuides, and r/Bitwarden.