[hn_throwaway_99]

I think the whole LastPass fiasco just shows why everyone wants to get into the SaaS business so bad - subscription revenue is the gift that keeps on giving.

LastPass has proven they have no business safekeeping anyone else's credentials. Anyone who cares a modicum about their security will have migrated off. But migrating off is a HUGE pain (people will need hours to update hundreds of passwords), and LastPass's announcement just days before Christmas was obviously done so that your average Joe would just miss it.

So LastPass will be able to continue collecting subscription revenue from users who were too busy or just not paying attention to the news, despite the fact that they really should be giving refunds to everyone who depended on their service.

[adornedCupcake]

> But migrating off is a HUGE pain

It took less than 10mn to migrate to Bitwarden. What do you mean by migrate?

[bentcorner]

Moving passwords managers is easy, but if you assume LastPass lost your passwords you need to change every password.

[smcin]

But that isn't migrating, it's "changing all your passwords on all sites you use".

Even if you stayed on LastPass(!), you should still do that, right? It's a penalty for LastPass compromising them.

[coffeefirst]

In theory yes, but the risk associated every account is not equal.

[brian_cunnie]

If you have an business account, migration is non-trivial: It's not uncommon to have hundreds of shared folders of secrets accessible by hundreds of teams.

The meta information (which user account belongs to which team, which team has what kind of access {none,read-only,read-write} to which folder) is not trivial to migrate.

[rhamzeh]

Last time I migrated (many years ago), not all the data was in the export. And the secure notes especially were mostly missing or messed up.

I think others have posted on HN that they experienced the same last year when they attempted to migtate.

So you may have exported in 10m, but do not assume you got everything, go through the list and make sure everything is there (including verifying the contents).

[Flimm]

Migrating from LastPass to another password manager is actually a pretty easy process. Many password managers can import passwords from LastPass.

[tasuki]

Yes, sure that's easy. Also now there are twice as many places from which an attacker can get your passwords. Oops?

[manmal]

Have you read the 1Password whitepaper? This isn’t exactly an easy target for any attacker.

[hn_throwaway_99]

I haven't read the 1Password whitepaper, could you elaborate? Would be curious what 1P is doing that is substantially more secure than what LP is doing (not counting the braindead stuff like not encrypting website URLs) Having been a 1P user, my guess is that, unlike LastPass, in 1P the data used to encrypt your vault includes both a completely random key and your master password, while in LastPass it's just your master password. Is there anything else?

[manmal]

Yes, 1P uses a random key additionally to the master key, like you described. That's the one 1P asks you to print out and hide somewhere, and which you also need when opening a vault on a new device. I don't know what LP does, but here are some notable things I gathered from the 1P whitepaper:

- 1P has a multi-layered approach: The master key + random key (+ salts) decrypt the user's private key, which in turn is used to decrypt the vault key (because the user's public key was used to encrypt the vault key). The vault key is used to decrypt the vault's items (each individually). Giving a new member access to a vault is done by encrypting the vault key with that member's public key. (I guess that's the same for LP)

- 1P encrypts all field contents. BTW metadata (e.g. URIs) and content fields are encrypted separately, such that the former can be decrypted faster for UI and search purposes.

- 1P uses the Secure Remote Password protocol, which allows clients to authenticate with the 1P server without ever sending the actual password. Instead, during account creation, a derived key ("v") is sent from the client to the server that will be used to generate a shared secret during every authentication (without sending "v" again). "v" has been salted with the user's email address. So, by arriving at the same shared secret as the client, the server can be sure of three facts: 1) The user entered the correct master key, 2) the user's device has the correct random key in store, and 3) the user's given email matches the email that was defined when creating the vault. In the paper they write that this authentication process is actually the reason why 1P requires a random key in addition to the master key: It's impossible to brute-force the master key even if an attacker gains access to "v".

- Vault recovery with 1P prevents the team "admin" from receiving the recovered vault's data (they do learn the vault key though, that's a necessity).

- 1P are constantly evaluating whether stronger encryption schemes (e.g. elliptic curve, or, further out, post quantum crypto) need to be implemented, and if such an update happens, they have already mapped out how vaults are upgraded. I think they increased PBKDF2 passes from 10k to 100k without breaking anything. IMO a higher pass count would be better, but that would make for a quite slow UI.

[tsimionescu]

That's useless if you're migrating away because of security concerns. What you actually have to do is to go to all of the sites and change each of the passwords you have stored in LastPass.

[philjohn]

As someone else - you should be doing this even if you're staying on lastpass.

It's what I've spent the last few days doing (hundreds of passwords), but then again, I'm also moving to bitwarden.

[tsimionescu]

True, though I think this is a good practice in general if switching your password manager, even for benign reasons (price etc).

[eviks]

Actually, it's a very hard process since the easy process doesn't migrate all the data