Leaving Lastpass

6,235 Views | 74 Replies | Last: 1 yr ago by flintdragon
Sweet Kitten Feet
Finally leaving Lastpass due to latest security issue. I need something that allows each person in my family to have their own set of passwords, but then easily have shared sites that we all use like amazon, Netflix, etc. Lastpass sharing was never easy to me.

Thanks for your rec's!
Bregxit
We use 1Password with a family plan. It has been great.
aggie_wes
Bitwarden. My wife and I have a shared "collection" and we have separate vaults as well. Everything works great and seamless.
txyaloo
aggie_wes said:

Bitwarden. My wife and I have a shared "collection" and we have separate vaults as well. Everything works great and seamless.
Plus you can self host. Significantly lower risk of data leak if my passwords are locked down on my local network
dubi
Bregxit said:

We use 1Password with a family plan. It has been great.


+1
TxAggieBand85
What security issue? I use LastPass and sharing has been easy peasy.
Jim '85
The Zone 323
FreeLunch
https://techcrunch.com/2022/12/22/lastpass-customer-password-vaults-stolen/
TxAggieBand85
FreeLunch said:

https://techcrunch.com/2022/12/22/lastpass-customer-password-vaults-stolen/


Thank you. I will be changing my passwords.

Someone got a copy of a vault on a backup, but have to use my login name (TxAggieBand@GreatestAg.com) and my password (BevoBurgers4All) to get in.

Still sloppy work on Lastpass's part.

Jim '85
The Zone 323
HossAg
I just use Apple's built in password manager. Allows me to auto fill and auto generate complex passwords without having to go to a non-native app.

It's not good if you need family sharing capabilities across different apple IDs, though.
txyaloo
TxAggieBand85 said:

FreeLunch said:

https://techcrunch.com/2022/12/22/lastpass-customer-password-vaults-stolen/


Thank you. I will be changing my passwords.

Someone got a copy of a vault on a backup, but have to use my login name (TxAggieBand@GreatestAg.com) and my password (BevoBurgers4All) to get in.

Still sloppy work on Lastpass's part.


...this is their 3rd data breach this year. You should seriously consider using a different password manager. All of your passwords are in the hands of "hackers" now.

I expect their next press release to say how the passwords really weren't encrypted on their servers or them saying the salts for the hashes were released.
TxAggieBand85
txyaloo said:

TxAggieBand85 said:

FreeLunch said:

https://techcrunch.com/2022/12/22/lastpass-customer-password-vaults-stolen/


Thank you. I will be changing my passwords.

Someone got a copy of a vault on a backup, but have to use my login name (TxAggieBand@GreatestAg.com) and my password (BevoBurgers4All) to get in.

Still sloppy work on Lastpass's part.


...this is their 3rd data breach this year. You should seriously consider using a different password manager. All of your passwords are in the hands of "hackers" now.

I expect their next press release to say how the passwords really weren't encrypted on their servers or them saying the salts for the hashes were released.

I agree, but the passwords are encrypted and I will be changing passwords on my accounts. I use unique passwords. Changed TexAgs today. Having to factor in the family plan and pain in the ass level of effort to change platforms.
RED AG 98
This was the last straw for me. Been putting this off for some time but switched to Bitwarden on my Synology NAS this weekend. Actually went with the Vaultwarden implementation because it's much lighter on the server load and you still use the official apps on the client / mobile / desktop.

ETA: I meant to say that I was very impressed with the BW setup and import process. Seriously wish I would have done this years ago.
TxAggieBand85
Thank you for the lead with Bitwarden. Think I will upgrade my Synology NAS to a model that supports Docker and go the Bitwarden route. Then will switch to Bitwarden and offer these services to family.
aggiesherpa
I just moved over to bitwarden. Thankfully, we had a pretty secure LP master password to buy some time on changing everything.

Any thoughts on what to do with credit card info etc that was also saved in LP?
BQ2001
I've been a big advocate for LastPass for years, just moved over to Bitwarden and going through and changing my password for everything now. Export/Import was super easy to do. So far it's just as easy to use as LastPass. Too many issues on LastPass's side to keep them.
fooz
My company just forced us off lastpass and onto 1password after the latest breach. I'm liking it better so far.
txyaloo
aggiesherpa said:

I just moved over to bitwarden. Thankfully, we had a pretty secure LP master password to buy some time on changing everything.

Any thoughts on what to do with credit card info etc that was also saved in LP?
I use Privacy.com for the majority of online purchases so don't store CC#s in Bitwarden but do they not import from LP? You may just need to figure out the correct file format. I'd also suggest using Privacy if your bank supports it. Keeps your real CC# off the internet and lets you set up cards restricted to one vendor and you can set day/month/year/lifetime spending limits on card numbers. Super handy. It's saved me 3x now where a vendor's system was hacked and unauthorized charges started getting denied. I knew exactly what vendor was compromised.
aggiesherpa
I mean, with CC info or other private non-password info that was in LastPass, it's not as easy as just "changing the password" to make the stolen info obsolete.

We could request new CC, but it's not really possible to request other new PII.

I'll take a look at Privacy. I hadn't heard of it before.
txyaloo
aggiesherpa said:

I mean, with CC info or other private non-password info that was in LastPass, it's not as easy as just "changing the password" to make the stolen info obsolete.

We could request new CC, but it's not really possible to request other new PII.

I'll take a look at Privacy. I hadn't heard of it before.
Ahh I understand now. Thought you meant moving the saved card numbers over vs worrying about saved numbers being out in the wild now.

It is a bit insane LP didn't store the notes and lots of other info in encrypted fields.
RED AG 98
txyaloo said:

aggiesherpa said:

I mean, with CC info or other private non-password info that was in LastPass, it's not as easy as just "changing the password" to make the stolen info obsolete.

We could request new CC, but it's not really possible to request other new PII.

I'll take a look at Privacy. I hadn't heard of it before.
Ahh I understand now. Thought you meant moving the saved card numbers over vs worrying about saved numbers being out in the wild now.

It is a bit insane LP didn't store the notes and lots of other info in encrypted fields.
I am curious where you are reading that some data was not encrypted? There is some customer account information (think CRM) such as billing address, IP address, etc that was clear but from my reading I thought all customer entered data such as passwords, secure notes and cc were always encrypted.
txyaloo
RED AG 98 said:

txyaloo said:

aggiesherpa said:

I mean, with CC info or other private non-password info that was in LastPass, it's not as easy as just "changing the password" to make the stolen info obsolete.

We could request new CC, but it's not really possible to request other new PII.

I'll take a look at Privacy. I hadn't heard of it before.
Ahh I understand now. Thought you meant moving the saved card numbers over vs worrying about saved numbers being out in the wild now.

It is a bit insane LP didn't store the notes and lots of other info in encrypted fields.
I am curious where you are reading that some data was not encrypted? There is some customer account information (think CRM) such as billing address, IP address, etc that was clear but from my reading I thought all customer entered data such as passwords, secure notes and cc were always encrypted.
Things may have changed in the last 10 days. When LP finally acknowledged the breach, it had come out that the URL and notes fields weren't encrypted. Apparently, "secure notes" were encrypted but notes associated with the password field weren't?
BQ2001
https://www.reddit.com/r/Lastpass/comments/zzz5x4/notes_are_encrypted/
txyaloo
BQ2001 said:

https://www.reddit.com/r/Lastpass/comments/zzz5x4/notes_are_encrypted/


Good to know! I wasn't able to find that post earlier
Pman17
If you have an Eero router, 1Password Family is included in the Subscription.
aggiesherpa
Depending on the website, it looks like using a 15-digit password with upper case, lower case, numbers and special characters would take quite a long time to crack (up to 1 billion years??). So I will try to find comfort in that.
Vernada
aggiesherpa said:

Depending on the website, it looks like using a 15-digit password with upper case, lower case, numbers and special characters would take quite a long time to crack (up to 1 billion years??). So I will try to find comfort in that.


I did this same exercise - it seems like it'd take a long time to crack my master password. However, I'm looking to change just on principle alone.

Anyone have experience with Dashlane? I'm looking at it and 1password. I like that Dashlane has a plan that also includes vpn.
SJEAg
My company is dumping our LP enterprise account over the incident. Imagine we aren't the only ones...wonder if they even survive this. Bit pathetic they haven't updated their blog on the incident since 12/22 and no longer even mention it on their homepage.

So, lucky me is in the middle of researching replacement solutions and looking forward to dealing with end-users on a migration.
txyaloo
Vernada said:

aggiesherpa said:

Depending on the website, it looks like using a 15-digit password with upper case, lower case, numbers and special characters would take quite a long time to crack (up to 1 billion years??). So I will try to find comfort in that.


I did this same exercise - it seems like it'd take a long time to crack my master password. However, I'm looking to change just on principle alone.

Anyone have experience with Dashlane? I'm looking at it and 1password. I like that Dashlane has a plan that also includes vpn.
Had Dashlane for years. They kept raising the price, reducing features I wanted, and jamming in new crap like their VPN. Dumped it a few years ago for Bitwarden.

I'd rather pick my VPN service than get something that was an afterthought.
Proposition Joe
Not sure if related, but I have been getting hammered with fraudulent login attempts. Have 2FA on most all of my accounts, but in the last few days I've had Facebook, Gemini and Quicken all have login attempts (2FA stopped them), and a fraudulent gift card order on my Amazon account.

Trying to track down the weak link is a pain in the ass.
flakrat
Just switched our family from Last Pass to 1password. No complaints so far.
Whoop Delecto
Can someone help me with the import of data to Bitwarden from Last Pass? I was able to export data to CSV file in Excel. I can't get BitWarden to import.
There were several CSV types to save as. Maybe I chose poorly?
Do I need to manipulate the columns?
Thanks
90 bull
I had this problem also. I basically just deleted and reimported. It took three times, and then was fine
Rex Racer
Switched my family to 1Password this week, as well. This may sink LastPass. My master password was 27 characters and a good mix, so not that worried about it, but I can't stay with them in a situation like this. Communication is abysmal.

I love that 1Password has another key you must know in order to set up on a new device. If you have 2FA set up, that's effectively 3FA for getting in on a new device.
Azariah
I'm in the middle of a switch to BitWarden now. It's going to be a long changeover because I'm changing credentials as I go. I'm pretty pleased with the ease of use. I haven't found anything LastPass does better just yet.
aggie_wes
One other thing I've started doing, if you use Gmail, you get basically unlimited aliases. So say your email is propjo@gmail.com, propjo+texags@gmail.com would also route to the same inbox in the same way (Google ignores anything after the "+"). It may help you figure out which site has been breached, and I use it to see who is selling my email address to 3rd parties.
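
The alias trick from the post above, as an added example that is not part of the thread: it splits the "+" tag off each recipient address and reports tags that received mail from a sender whose domain does not contain that tag. The sample mail list, the function names and the `.example` sender domains are constructed for illustration.

```python
from email.utils import parseaddr

# Constructed sample: (recipient, sender) pairs as they might appear in a
# mailbox export. None of these come from the thread.
SAMPLE_MAIL = [
    ("propjo+texags@gmail.com", "noreply@texags.example"),
    ("propjo+texags@gmail.com", "deals@cheap-pills.example"),
    ("propjo+shopsite@gmail.com", "orders@shopsite.example"),
    ("propjo@gmail.com", "friend@example.org"),
    ("PropJo+ShopSite@gmail.com", "promo@mail.shopsite.example"),
]

def split_alias(address):
    """Return (base_address, tag); tag is None when there is no '+' part."""
    _, addr = parseaddr(address)
    local, _, domain = addr.rpartition("@")
    base, plus, tag = local.partition("+")
    return f"{base}@{domain}".lower(), (tag.lower() if plus and tag else None)

def sender_matches_tag(sender, tag):
    """True when the tag is one of the labels of the sender's domain."""
    _, addr = parseaddr(sender)
    domain = addr.rpartition("@")[2].lower()
    return tag in domain.split(".")

def leaked_tags(mail):
    """Map each tag to the sorted list of unexpected senders that used it."""
    leaks = {}
    for recipient, sender in mail:
        _, tag = split_alias(recipient)
        if tag and not sender_matches_tag(sender, tag):
            leaks.setdefault(tag, set()).add(parseaddr(sender)[1].lower())
    return {tag: sorted(senders) for tag, senders in leaks.items()}

if __name__ == "__main__":
    for tag, senders in leaked_tags(SAMPLE_MAIL).items():
        print(f"alias +{tag} is receiving mail from: {', '.join(senders)}")
```

A tag that shows up here means the address given to that one site is now known to someone else, whether through a breach or a sale; a sender can also strip the "+tag" part, so a clean report is not proof that nothing leaked.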