I’ve officially moved my password manager from Lastpass to Bitwarden.
Lastpass had a security breach in 2022, and their response couldn’t have been worse.
PC World explains it well, “LastPass’s disclosures about its 2022 security breaches was like watching a train wreck in slow motion. First came the initial announcement in August, which claimed that no customer data was affected—just a developer environment. Then three months later came an update that customer data was affected. Nearly a month after that, the company revealed that customer information and password vaults had been stolen. Not only that, but elements in those vaults (including URLs) had not been encrypted.”
I’m sure the company knew of the severity of the issue in August, but the refusal to be transparent about how user data got into the wrong hands is unconscionable for a password management company.
When you’re known for one thing, and you don’t do that one thing well, it’s no surprise when you lose customers.
When I moved to Bitwarden, an open-source end-to-end encrypted password manager, I painstakingly changed each password manually for every online account to eliminate the risk from the LastPass breach.
Despite the hassle, I’m happy with my move, and hope to avoid a situation like this in the future with my new choice in password manager.