I’ve paid for LastPass since 2013. All of my passwords are randomly generated, including my master. LastPass says I’m okay (obviously), but Verge, Ars Technica, and other “privacy”-related commenters say otherwise.
So am I okay, or do I need to change ALL of my passwords? Just master? Should I leave LastPass? (I don’t really care for Bitwarden’s UI, but I assume I’d get used to it if I switched.)
You will have to change ALL passwords. LastPass has been storing them in a way that can be brute-forced with relatively low effort.
Yes, you should leave LastPass as soon as possible, they’re not trustworthy (and haven’t been for quite some time).
What do you base this off?
From my understanding, it wasn’t that likely if the master password was decent.
I think generally this is good advice when switching to a different password manager now, but I don’t think the user is directly at risk because of the leak.
Also, LastPass is not the best password manager. I would suggest picking one of the currently recommended solutions and keeping your 2FA separate from it. In that way you keep a very decent level of security.
Also, the number of characters that you disclosed is relatively low. I would suggest using one as long as possible; for things you have to remember, always use randomly generated passphrases.
I appreciate this person’s perspective. That said, it took me about an hour to switch from LastPass (eight-year member) to Bitwarden across all my devices. The “hardest” part has been teaching myself my new master. Nothing else has changed, save for the colors of the logo.