And even here, they're not mentioning that most people want an understandable word or words as their main password ... and that there are lists of the most frequent words used in passwords / the most frequently used passwords that can greatly diminish the time it takes to crack a password.
No, if you use LastPass or even if you used it in the last year or two, you should change _every password you have_ and do it now. #repassword
#Lastpass explores some of the information that crackers are believed to have accessed during their most recent breach. (As a reminder, #LastPass has had at least three severe breaches; it is conceivable but not assured that some or all of customers' data may have been accessed at some time in a form that the attackers could read.)
@cwebber This is also the 3rd or maybe even 4th time that I know of that #LastPass has been penetrated, and there could easily be other times that I don't know about.
I get the feeling that the people that did it the first time "got root" and have just periodically resurfaced ... which means they have had many years to collect and exploit data.
Actually, based on the links above, change every password you have, but do not update the information in #LastPass. It appears the cybercriminals are still inside LP's systems, gathering data in near-real time.
Do both, even if you decide to close your #lastpass account.
And isn't this the third or fourth time they've been penetrated? At this point, their paid and unpaid customers should be concerned that the company may suffer a ransomware attack and they'll be locked out of all their sites.
Personally, I no longer believe that online password managers are worth the risk, but at one point, I did use LP myself (because I paid for their bookmarks sync service). In fact, I closed my account because I felt like they did not understand that they are a security service.
They had asked for some permission that I felt was unnecessary for a service that should merely manage passwords, so I closed my account.
Anyway, if you have a LastPass account, I'd recommend that you first log in and change your LP master password, then change _every password_ that you had stored in that account.
I was thinking about switching to #Pass (which seems to be GPG + shell scripts), but the browser integration is really nice. I had forgotten how nice it is. If you used #Lastpass or #1Password, it is like that, only without any concerns that the homebase server will be penetrated.