Skip to main content
  1. Home
  2. Computing
  3. News

Using LastPass? You need to switch urgently, says security firm

By
Add as a preferred source on Google

It’s a good idea to use one of the best password managers to keep your logins safe, but now a security company is warning that one of the most popular password managers in the world is not safe to use.

The extraordinary claim comes from Intego, a firm that specializes in Mac security. Intego made its assertion based on a series of security breaches LastPass has suffered in recent months, the way LastPass has responded to those incidents, and the underlying technology LastPass uses to protect customer accounts.

A dark mystery hand typing on a laptop computer at night.
Andrew Brookes / Getty Images

In its report, Intego outlined the LastPass saga, from its initial disclosure of a breach in August 2022 up to an investigation by rival password manager 1Password in December. That timeline paints a picture of a password manager with questionable practices and technology, Intego states.

Recommended Videos

In August 2022, LastPass notified users that its development environment had been accessed by an unauthorized third party but that no customer data was taken. Then, LastPass issued a new statement in November stating that hackers had taken “certain elements of … customers’ information.”

Finally, in December, LastPass admitted the data accessed by the hackers was used to trick a company employee into handing over keys to some customer credentials, which were then used to access and decrypt customer data.

Questionable practices

Man using a Macbook Pro at a desk.
Ash Edmonds / Unsplash

However, Intego maintains that third-party analyses of the breach suggest a more troubling scenario. According to security researcher Wladimir Palant, for example, LastPass’s statements were “full of omissions, half-truths, and outright lies.” One of Palant’s allegations is that LastPass’ implementation of a password-strengthening algorithm is not considered strong enough based on industry standards, making users’ vaults far too easy to hack into.

Rival password manager 1Password has added its opinion into the mix, claiming that it would cost a hacker $100 or less to crack the master passwords protecting many LastPass vaults, such is the weakness of LastPass’ hashing methods.

All of that has led Intego to state that, “given what we now know about LastPass — both how the company operates and its technology — we do not recommend using LastPass as a password manager.”

How to keep your passwords safe

password manager lifestyle image
Image used with permission by copyright holder

It’s a remarkable statement to make given LastPass’ popularity. LastPass itself claims it has over 33 million users — if the claims about its lax security are correct, that’s a huge number of people whose accounts, passwords and credit card data are all now potentially vulnerable.

Right now, Intego advises LastPass users to immediately begin migrating their accounts to another password manager. Once that’s complete, the company recommends users update all of the passwords that had been stored in LastPass with fresh replacements.

It goes to show that not even the most popular services are immune to hacking attacks and security breaches. Whether you use a password manager or not, you can protect yourself by using strong, unique passwords that are not used on multiple sites. That way, one breach won’t lead to all your other accounts being compromised.

Alex Blake
Alex Blake
Computing Writer
Alex Blake has been working with Digital Trends since 2019, where he spends most of his time writing about Mac computers…
Topics
As iPads get pricier, Motorola’s Pad 70 Pro arrives as a solid option… just not for US buyers yet
Great specs, a stylus in the box, and no US launch date: the Moto Pad 70 Pro sounds both impressive and disappointing.
Computer, Electronics, Laptop

If you don’t know about Apple’s recent price hike, which affected all the products in its lineup except the iPhone and Apple Watch (for now), you’ve got to be living under some sort of a rock. The revision made all the iPads much more expensive. 

Motorola, however, has just launched a 13-inch tablet that actually sounds good on paper. It’s called the Moto Pad 70 Pro, and it costs around $440 for the baseline model. The catch, however, is that the device isn’t available in the US yet. 

Read more
The refurbished MacBook Neo may be your best way around Apple’s price hike
MacBook Neo has hit Apple’s refurbished store after its price increase
Student using MacBook Neo in classroom.

The MacBook Neo launched in March as Apple’s most affordable notebook, but it has already been caught in the company’s recent price hike. The base model with 8GB of RAM and 256GB of storage now costs $699, while the 512GB version with Touch ID is priced at $799.

Just days later, Apple has already listed refurbished MacBook Neo models on its online store, giving buyers a cheaper official option, though the savings are not as generous as you might expect.

Read more
This cross-device clipboard app solves the copy-paste problem I keep running into on my Mac
ClipboardAI keeps a searchable history of everything you copy
Text, Electronics, Mobile Phone

I have lost count of how many times I have copied something important, copied another thing before pasting it, and then realized the first item was gone. It is a small frustration, but it happens often enough to become annoying. I recently came across ClipboardAI, which caught my attention because it goes beyond Apple’s built-in clipboard by saving copied items into a searchable history.

Instead of replacing the last thing you copied every time, ClipboardAI keeps a searchable record of copied text, links, codes, email addresses, phone numbers, addresses, and images across iPhone, iPad, and Mac. That means an older clip does not disappear just because you copied something new.

Read more