Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
LastPass Hacked for Second Time This Year
- Thread starter MacRumors
- Start date
- Sort by reaction score
To be fair it wasn’t always trash. Its original founder was a smart guy and helped get password managers into the popular consciousness. Then he sold out to LogMeIn, who told him he could stay on as CEO with no significant changes.
That lasted a year or so until they started messing with things.
That used to be true but now that they added 2FA and notes there isn’t much of a difference and, in Apple slickness, the 2FA integration is one tap seamless. The only reason I use BitWarden as well is for redundancy. I would like to see categories added, I do like that in BW.
And I'd STILL move over to LastPass vs the shambles and subscription, 1pass lock-in, removal of iCloud, electron shambles of a setup that 1Password has!!
Bitter? Yep.😆
Bitter? Yep.😆
This, plus linux support. Apple is terrible with that.
You only have to memorize one good password. And then as others have mentioned, use two factor to help protect that. And also as mentioned, it’s about generating strong unique passwords for each service. That’s extremely critical and not many people realize it.
How do you do to have unique, strong password? I currently have 500+ pass in my password manager. I really don’t know how I would do it without.
Last edited:
Why not Bitwarden?
I was with 1pass for well over 10 years and switched to bitw and it’s working great.
Any kind of really secure password is not going to be easy to memorize. Since you want every different platform you use to have its own unique password, this means having to potentially memorize dozens of them. This is not really feasible.
It's far more realistic to have one single very secure password manager's login information to memorize and have all other passwords in the password manager itself. All of the passwords managed should be random-generated and quite long, making them extremely secure but pretty much unrealistic to handle by memory, especially those used very rarely.
Furthermore, the password manager's login can typically be secured much better than the average platform's login, e.g. by using two-step authentication with hardware security keys.
I used 1Pass for years until it went to a subscription model and now use Bitwarden.
Hopefully the Apple setup works as good or better than both programs. (fingers crossed)
I just have the passwords section of settings open up from an iOS shortcut - icon on my home screen takes me straight there, opens with faceid faster than 1password. Doesn't have all the features of a dedicated password app but it's pretty close and free.
Not much difference? If so, where can I get these features using iCloud:
- Multiple vaults so I can separate personal from work passwords?
- Ability to give family members access to certain passwords (like streaming services) while keeping other passwords only to myself
- Ability to store sensitive documents, along with personal information (Drivers License numbers, SSNs, etc.)
- Ability to fill MORE than just user name and password fields (At aa.com, I have to enter my number and last name to log in.)
- Ability to recognize when a site uses SSO via Apple, Google, GitHub, etc. and remember that setting so the next time I go to that site it takes me direcly to the correct SSO login?
- Save my SSH keys so I don't have to manually copy them to each computer I use?
Never used them.
I used KeePass for a long time because I had 100% control over my data as it is never uploaded and stored locally at all times. It was a bit of a hassle to sync between devices so I moved to Bitwarden. They need to upload your data to sync it but I feel like they are trustworthy. It's open source and if you are really concerned you can run your own server.
Not had any issues with Bitwarden since i started using it so I highly recommend it.
That said, I still use the built in password manager on iOS. not for all my logins but just for some apps i use on my iphone/ipad so it's a bit easier to sync. Also i use it for generating one time codes for some accounts. If you use Bitwarden you don't get time based codes on the free plan you need to get premium. I'm using the iOS manager to do this since it's free but I might end up moving them to Bitwarden and paying the $10/year that it cost.
I used KeePass for a long time because I had 100% control over my data as it is never uploaded and stored locally at all times. It was a bit of a hassle to sync between devices so I moved to Bitwarden. They need to upload your data to sync it but I feel like they are trustworthy. It's open source and if you are really concerned you can run your own server.
Not had any issues with Bitwarden since i started using it so I highly recommend it.
That said, I still use the built in password manager on iOS. not for all my logins but just for some apps i use on my iphone/ipad so it's a bit easier to sync. Also i use it for generating one time codes for some accounts. If you use Bitwarden you don't get time based codes on the free plan you need to get premium. I'm using the iOS manager to do this since it's free but I might end up moving them to Bitwarden and paying the $10/year that it cost.
There's a Windows extension for Chrome/Edge. And it supports 2FA codes as well. You just need the Microsoft Store version of iCloud.
I am using a work-issued laptop, so no to extensions or apps that don't come preloaded. How I would kill to have just one ad-blocker installed in chrome...😕
Bitwarden all the way. I host it on my local box for free and I can share with my family members, and the encrypted container sits safely on my "server". If Apple supported shared iCloud keychains, that would be amazing, but they don't. I understand how this might compromise their security, so I'm not unhappy with it.
Because some of us have to work across platforms. If one were to only stay within the Apple ecosystem, sure you can use the built-in password manager.
After two security breaches, people should stop using LastPass, get off ASAP, it's proven too insecure.
Because other password managers may offer more functionality and flexibility?
You automatically assume the built in solution is more secure, which may not be the case for all.
Because other password managers may offer more functionality and flexibility?
You automatically assume the built in solution is more secure, which may not be the case for all.
I'm wondering if you're implying that LastPass is subscription-free? Not sure.
I checked and indeed there is a subscription-free version of LastPass, but it only works for 1 user on 1 device. Many of us have to have the passwords accessible across at least 1 more device if not more, and often across platforms. In those cases. LastPass is still subscription required.
Last edited:
Been using LastPass for a long time. 1Password didn't even exist back then.
Never switched because i don't have enough information to decide which one is more trustworthy.
Sure, Lastpass got hacked now and we don't really know for sure if their data really can't be decrypted. But same could happen with 1Password and then i would be in the same situation again. All we have is their word, that it can only be decrypted on our devices/with the secret key.
I think i will have to look into Bitwarden and Host it on my NAS. And only make Sync accessible through VPN.
But not sure how i'm going to connect with my work computer then..
Never switched because i don't have enough information to decide which one is more trustworthy.
Sure, Lastpass got hacked now and we don't really know for sure if their data really can't be decrypted. But same could happen with 1Password and then i would be in the same situation again. All we have is their word, that it can only be decrypted on our devices/with the secret key.
I think i will have to look into Bitwarden and Host it on my NAS. And only make Sync accessible through VPN.
But not sure how i'm going to connect with my work computer then..
I am worried that if something like this happened to kCloud Keychain, Apple wouldn’t tell anyone and instead merely declare the service temporarily down for technical reasons, and restart it without any comment.
You forgot a third, worst type, like Ubiquiti: those that have been hacked, know it, and don’t report it.
This really irritates me. GoTo has been pushing LastPass as the only way to do multi-factor authentication with their apps (GoToMyPC, GoToMeeting, etc.) Users at my workplace were previously using SMS for MFA login codes without issue but GoTo claims there were all kinds of problems so they had no choice but to replace it with their own quality product LastPass. I'm sure it does wonders for their user count but our users hate it and it's complicated to set up. 
And now, it's not even secure. What a disaster.
And now, it's not even secure. What a disaster.