On Wed, Feb 17, 2021 at 3:01 AM Dale <rdalek1...@gmail.com> wrote:
>
> I suspect a lot of users are going to be moving from Lastpass because of
> this change. If their service was far better then people may pay it.
> Thing is, it isn't. As was pointed out in a couple things I read, they
> have been hacked in the past. What was taken was encrypted but still,
> they got hacked.
So, while I echo most of the sentiments in this thread already (so I won't repeat them), I do try to be careful about how I look at past reports of hacks. Important considerations are:

1. Why were they hacked?
2. What did they do when they were hacked?
3. What were the consequences?
4. What is likely to happen in the future?

When it comes to security the future is much more important than the past. We look at the past as a predictor of the future. However, you have to always keep this in mind.

One thing I admire about LastPass is that when they were hacked, they immediately went public with it, disclosing at all times what was known and explaining the impact to customers as best as they understood it. They took steps to get users to change passwords/etc which would protect them if the encrypted data was cracked in the future. The way they handled the incident definitely made their customers safer.

Likewise, as best as anybody can tell, the consequences of the breach were very limited. They ensured that customer vaults had solid encryption, which gave them defense in depth: the breach of the encrypted data wasn't able to be leveraged into a breach of the unencrypted password data inside.

These should both be seen as factors in their favor, and it is the sort of thing that you can't really see until somebody is actually hacked.

I think one of the more concerning issues for their future was the change in management when LogMeIn bought them. I think people had concerns about the new management.

I definitely like that Bitwarden is FOSS. One concern with ANY of these web-based tools is that while they may very well be securely implemented, the fact is that the actual code is remotely managed. At any time somebody who obtains control over their infra could push out updates that cause your client to compromise your data in a number of ways.

This requires more sustained control than just a quick snatch of the encrypted cloud password store, but it is definitely a risk, whether the code is FOSS or not. After all, Gentoo is FOSS, but if somebody was able to gain control over the repositories/keys/etc they could push literally anything in an update to your system, and unless you're looking very carefully at your ebuilds you could have arbitrary code running as root in no time. Obviously that is something infra and the portage design tries to make unlikely, but it is definitely a threat model really for any software distribution of any kind. The automated nature of updates to these cloud-based password managers makes these sorts of attacks potentially easier to pull off (though I'd expect they would have resources dedicated to detecting a compromise like this and mitigating it).

--
Rich