LastPass says hackers had internal access for four days

Y	Hacker News new \| ask \| show \| jobs

	LastPass says hackers had internal access for four days (bleepingcomputer.com)
	24 points by olliepop 1376 days ago

1 comments

DevX101 1376 days ago

This isn't the first time this company has been breached. I'd stay far away from this company. If you really need a centralized password repo, use 1password.

But if you can, I'd recommend self-hosting (VaultWarden) over any online service provider.

link

suprjami 1376 days ago

I am still amazed anyone would use a proprietary password manager which stores in someone else's computer. That's the opposite of good password management.

link

themadturk 1376 days ago

Which is why LastPass doesn't store your passwords on its servers, just a one-way hash.

link

ix101 1376 days ago

I don't think that's correct. They state that passwords are decrypted in the browser. They are stored encrypted on their servers but not decrypted on their servers AFAIK

link

tinus_hn 1376 days ago

That wouldn’t be very helpful if the point is for the service to remember your passwords.

link

milosmns 1376 days ago

Did you mean BitWarden? Or really VaultWarden?

link

n8henrie 1375 days ago

Based on the context of self-hosting, I assume the parent wrote correctly.

link