What password manager does everyone use?

:crystal_ball: As I see it, yes

3 Likes

They do a password manager now, too…

3 Likes

I feel like normally “will they survive this” the answer is usually a resounding yes. People are lazy but by its nature the people who have a password manager aren’t the sort that usually accept a lapse in security.

2 Likes

It’s also a pretty unique breach. A password manager basically leaking everyone’s password vaults. And it’s far from over, I expect regulators to start looking at fines soon.

Even with the NordVPN breach, most people are using that to watch US Netflix or something and won’t super care. But everyone uses a password manager precisely to secure their passwords - I guess for some it may be convenience but then again just having one password that’s ‘Revels123’ for everything is far more convenient!

I honestly don’t think LastPass will survive this.

The fact that this is far from the first breach they’ve suffered makes me think that they’ll survive this one too, even though they really shouldn’t. Inertia is a powerful force; not everyone will be reading the right news sites and blogs, and given time the story will fade in prominence anyway (apart from a paragraph on their Wikipedia article).

Maybe people will surprise me and desert the service in droves, forcing them to close down. If that happens, I’ll happily eat my words.

1 Like

Hopefully any business using them will migrate away, that’ll take away some cash at least.

2 Likes

I’ve just switched from Bitwarden to 1Password. My subscription was up for renewal so thought I’d have a look around, the 1Password UI is much nicer than Bitwarden and I like the idea of the added security of a secret key on top of the account password. Plus since they do a 50% student discount it’s only marginally more expensive than Bitwarden :tada:

1 Like

Bitwarden has this too.

1 Like

There’s a slight difference. 1Password requires your password and secret key to log in and then derives the vault’s encryption key from both; Bitwarden just uses the key for encryption and it’s mostly invisible to the user unless you want to rotate it.

2 Likes

Yes, as above, not really the same thing at all. The 1Password secret key is afaik unique to 1Password. Its purpose is to combine with your master password as something that never leaves your devices, so that in the event of a LastPass-style breach, your password would be at least 128 bits of entropy (which is more than any human-made and remembered password can achieve, and is actually unbreakable).

It’s a pretty neat bit of security design, although Bitwarden as I understand also has pretty solid security design overall.

2 Likes
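A simplified sketch of the two-secret idea discussed in the posts above, added here as an illustration; it is not 1Password's or Bitwarden's code. The function names, the `info` label, the iteration count and the sample values are assumptions made for the example.

```python
import hashlib
import hmac

def hkdf_sha256(key: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) with SHA-256: extract, then expand."""
    prk = hmac.new(salt, key, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def derive_vault_key(password: str, secret_key: bytes, salt: bytes,
                     iterations: int = 100_000) -> bytes:
    """Combine a memorised password with a device-held random secret key."""
    # Slow hash for the human-chosen (low-entropy) password.
    from_password = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    # Fast expansion for the secret key, which is already high-entropy.
    from_secret = hkdf_sha256(secret_key, salt, b"vault-key-demo")
    # XOR the two halves: neither input alone reproduces the vault key.
    return bytes(a ^ b for a, b in zip(from_password, from_secret))

# Constructed demo values (not real credentials).
SALT = bytes(range(16))
DEVICE_SECRET = bytes.fromhex("00112233445566778899aabbccddeeff")  # 128 bits

def guess_matches(password_guess: str, secret_key_guess: bytes, real_key: bytes) -> bool:
    """True only when both the password and the secret key are right."""
    candidate = derive_vault_key(password_guess, secret_key_guess, SALT)
    return hmac.compare_digest(candidate, real_key)

if __name__ == "__main__":
    real = derive_vault_key("Revels123", DEVICE_SECRET, SALT)
    # Correct password, but the secret key never left the device:
    print(guess_matches("Revels123", bytes(16), real))      # False
    print(guess_matches("Revels123", DEVICE_SECRET, real))  # True
```

Because the secret key is never sent to the server, a stolen vault cannot be checked against password guesses alone, even when the password itself is weak.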

Sorry, I completely misread it and was thinking of the Yubikeys seeing as we’d been talking about those!

Yes, you’re correct - that’s something unique to 1Password :slightly_smiling_face:

2 Likes

I’ve skimmed the thread, so do point me up if this has already been covered, but is there a password manager that works well with DuckDuckGo on Android and Mac?

And (for @N26throwaway and others!) any views on hosted online services vs self-hosted vs hosted on Google Drive etc? All / most providers seem to offer a zero-knowledge hosted service, but like LastPass has shown, they are quite attractive targets.

If I was really paranoid I’d use self-hosted Bitwarden… but as they’ve never (yet) been breached, due to not being incompetent, I just stick with their cloud.

Apparently Bitwarden is built into DuckDuckGo already, but I’m sure all the other ones have plugins.

1 Like

Really not worth it for the user inconvenience to be honest.

A good zero knowledge architecture is perfectly secure so long as the knowledge bit that sits with you is secure. Make sure you have an actually safe password. Again, four random words separated by a random character is more than enough so long as the words are generated actually randomly and from a decent wordlist. Rolling dice on this table is a fun way to create a secure password https://www.eff.org/files/2016/07/18/eff_large_wordlist.txt

2 Likes
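The dice-and-wordlist method from the post above, as an added example that is not part of the original thread. It parses the EFF list's `<dice digits><TAB><word>` line format and replaces physical dice with Python's `secrets` module; the separator set, the use of one separator per passphrase and the stand-in word list (built inline so the code runs offline) are assumptions.

```python
import itertools
import math
import secrets

SEPARATORS = "!#%+=.,_?*"  # assumption: ten candidate separator characters

def parse_wordlist(text: str) -> dict[str, str]:
    """Parse EFF-style lines: dice digits, whitespace, word."""
    words = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        key, word = line.split(None, 1)
        if set(key) - set("123456"):
            raise ValueError(f"bad dice key: {key!r}")
        words[key] = word.strip()
    n = len(next(iter(words)))
    # Every dice outcome must map to a word, or some rolls would fail.
    if len(words) != 6 ** n or any(len(k) != n for k in words):
        raise ValueError("wordlist does not cover every dice outcome")
    return words

def roll(n: int) -> str:
    """n fair six-sided dice from the OS CSPRNG."""
    return "".join(str(secrets.randbelow(6) + 1) for _ in range(n))

def passphrase(words: dict[str, str], count: int = 4) -> str:
    n = len(next(iter(words)))
    sep = secrets.choice(SEPARATORS)
    return sep.join(words[roll(n)] for _ in range(count))

def entropy_bits(words: dict[str, str], count: int = 4) -> float:
    """Entropy of the scheme itself, assuming the attacker knows the method."""
    return count * math.log2(len(words)) + math.log2(len(SEPARATORS))

# Constructed stand-in with the same shape as the EFF list (5 dice, 7776 rows).
# For real use: parse_wordlist(open("eff_large_wordlist.txt").read())
SAMPLE = "\n".join(
    f"{''.join(k)}\tword{i:04d}"
    for i, k in enumerate(itertools.product("123456", repeat=5))
)
WORDS = parse_wordlist(SAMPLE)

if __name__ == "__main__":
    print(passphrase(WORDS))
    print(f"{entropy_bits(WORDS):.1f} bits")  # 55.0 bits
```

Four words from a 7776-word list give about 51.7 bits, and the separator adds roughly 3.3 more. That figure depends on the selection being random; hand-picked words do not reach it.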

1Password autocomplete works amazingly on Mac with apps and in browsers. It’s genuinely one of those magical, just works features which is hard to live without once you have it.

7 Likes

One thing I’d like to chime in is that if you have a family subscription like myself with 1Password and if your workplace also uses 1Password for businesses, you can link it and get the family subscription for free. Which is what I’ve been doing for more than a year or so; I would assume it would be the same if you were just using a personal plan as well.

1 Like

Related to overall question - is any site or anyone keeping a list of what services and products now offer passwordless?

I don’t know if it’s comprehensive, but there’s:

https://passkeys.directory/

1 Like

Not sure if anyone uses Microsoft Authenticator but I’m really frustrated they’ve stopped supporting the Apple Watch.

I’m not - like many people I could never get it to work reliably. In the end I just uninstalled the watch app and switched off Authenticator’s watch notifications so that they’d go straight to my iPhone.