LastPass recently announced that customer password vaults were stolen over the summer. As long as your master password was long and complex, it is unlikely any of your stored passwords could be cracked. On the advice of the well-regarded security researcher Steve Gibson, I switched to Bitwarden as a replacement. I opted for the $10-a-year account to get more advanced multi-factor authentication and cloud vault storage.
Key Points
- Bitwarden is cheaper than LastPass ($20/year for 2 accounts vs. $45)
- Same features but better encryption
- The open-source version is both free and more transparent
- Migration is easy: export from LastPass, then import into Bitwarden. I removed the LastPass apps and browser extension and added the Bitwarden ones.
- I turned on multi-factor authentication in Bitwarden and use the Google Authenticator app (with email as a backup)
- I backed up Google Authenticator to my iPad (which has a fingerprint lock)
- Recommend using Google Authenticator over SMS/Text in case you lose your number. Still, consider what your plan is if you lose your phone. You don’t want to lock yourself out.
- Critical accounts, like Google email and bank accounts, have their own MFA enabled, so even if someone cracks my LastPass vault, what they gain access to isn’t valuable.
- People who only use Apple products should consider migrating their password manager to the free Apple Keychain feature