Originally published as a Twitter thread:
I, for one, am not leaving #LastPass. Yet.
Privacy & security are too complex to manage without tools, and the zero knowledge architecture of this one has long been its most foundational feature, validated by @SGgrc & others.
As long as tradeoffs between secrecy & convenience must be made, we face tough choices. Sure, there are ways to keep my most sensitive secrets out of cloud storage, but strong encryption is a necessity in any event. How much productivity & effectiveness am I willing to sacrifice?
Inertia is certainly a terrible basis for such a critical decision. Some argue there’s a sunk cost fallacy at play here. Fair enough.
But switching costs are real. And if I had a weak vault key (password) or if I suspected that the encryption or software were faulty, this would be a very different conversation.
But the minute I chose a vendor and began storing sensitive passwords, I accepted as fact that my
unencrypted encrypted vault would someday fall into the hands of malicious actors. Anyone who did not was shortsighted or unwise.
This is a veritable inevitability, regardless of what tool(s) you use. Even if your encrypted blob is only stored locally, you must assume that ransomware or some other malfeasance (targeted or otherwise) will result in it getting someplace you don’t want it to be.
For me, this is a simple decision. @LastPass is now the single most highly motivated vendor on the planet. Having faced this much public scrutiny, no one will work harder to innovate and do whatever else is necessary to protect my data.
There should be nothing surprising about this breach, other than the amount of surprise being expressed by intelligent, knowledgeable, and even seasoned professionals.
We all knew this was a matter of when, not if.
Sure, the metadata leak is frustrating and disappointing. But again, tradeoffs. What other system can be trusted to do better and still provide the efficient access across devices that this one provides?
For anyone with a sizeable vault, I defy you to provide a valid justification for switching. Oh and if you’re switching because you’re worried your passwords are actually vulnerable, you’ll need to change every password in your vault.
Obviously all of this is subject to re-evaluation as new facts are discovered. But based on what we know now: I’m staying.
The upshot? A lot of people are having important conversations that needed to happen.