I was just watching the show that got me interested in security,
Security Now and listening to Steve Gibson’s 2nd evaluation of the Lastpass breach is something along the lines of watching every horror movie condensed into a single terrifying movie! What a mess. The worst part is the longer you have been a customer, the weaker your account security was due to the company never updating the hashing iterations for existing users. Let’s say you were a user from the very early days, your hashing == 1 iteration! This level was considered reasonable over 10 years ago, but today the minimal iteration count is 100100. Whut? I wasn’t a user from the first days but; I was a long time paid user and my iterations were so low! Unsurprisingly customer loyalty didn’t pay off. I feel that it’s best to take ownership of your own security but, not running a global update on user settings of people paying you to keep them secure.. is negligence.
So here I sit, slowly plowing my way through my nearly 400 passwords... deleted here and there. Updating the really important ones immediately. I have moved to BitWarden as I’m sure you're wondering. I won’t rehash Steve Gibson’s wonderful explanation of how screwed we all are if we stay in Lastpass but let me say.. if you are there and you don’t change your passwords... 2023 will probably be an unpleasant year for you!
So why Bitwarden? Well, it’s either them or 1Password that has the most security experts recommending it, I picked Bitwarden because you can host your own instance which is pretty IndieWeb if you ask me! No, I haven’t done this yet. Also, it’s OSS. I may host in the future but for not my priority is fixing this mess and I’ll be at it long time from the looks of it..