[iLoveOncall]

But you don't even have to have followed the news. LastPass has sent an email to all its users informing them of the somewhat recent breach.

I had already left by then but I would have otherwise.

[zdragnar]

People still read their emails? I thought it was mostly just for registration verification links and spam.

[Waterluvian]

Yep. They either don’t know or don’t care. There’s a level of security fatalism among non-techs.

I can imagine a security professional explaining to a random person everything they ought to do to be secure. Not gonna happen.

[UncleMeat]

Okay. But how is a typical person supposed to effectively judge the relative risk of LastPass against alternatives such that it justifies the hassle of switching?

The core problem with the LastPass breach was their response to it, not necessarily that they were pwned in the first place. Like, the whole point of password protected vaults is to make this situation less harmful.

[jeroenhd]

People don't know about the ability to export and import passwords, though. Modern interactions are so much "everything is locked behind this branded app" that it's a miracle people still remember they can email to other domains.

What they do know is how annoying it was to have to set up LastPass, entering each and every password, dealing with accounts and setup and recovery keys, and the process of getting used to it.

Unless LastPass adds a button that says "click here to switch to a competitor", I doubt their remaining customers will ever leave the problem.