TL;DR: LastPass is broken. All passwords at the time of the breach were taken. They also got internal secrets from a laptop and can now probably throw computational power at anything they want to decrypt.

Switch. Do not use. Change everything you have if you were using it. Treat everything as breached.

  • edge [he/him] · 2 years ago

    There's always the possibility Mozilla gets hacked like this. idk if there's a way to make it on device only, but by default it syncs with a Mozilla server.

    But as I said elsewhere in this thread, password managers kinda need to be in cloud storage so you can access your randomly generated passwords from any device.

    Also Bitwarden is more feature full. And you can host your own server instance if you really want, so you wouldn't be vulnerable to the security of a company. Though you'd instead be vulnerable to your network's security, so you should probably only do that if you know how to properly secure a network.

    • TheCaconym [any] · 2 years ago

      > There’s always the possibility Mozilla gets hacked like this. idk if there’s a way to make it on device only, but by default it syncs with a Mozilla server.

      No, by default in fact it does not (that would be insane). You have to enable it, and create an account and everything.

      Also, if you do opt for the Firefox password manager, use a secure key to encrypt it (that is not enabled by default either).