{"id":14254,"date":"2025-11-08T12:39:23","date_gmt":"2025-11-08T19:39:23","guid":{"rendered":"https:\/\/jasonsblog.ddns.net\/?p=14254"},"modified":"2025-11-08T12:41:14","modified_gmt":"2025-11-08T19:41:14","slug":"is-your-password-manager-owned-by-a-surveillance-company-lastpass","status":"publish","type":"post","link":"https:\/\/jasonsblog.ddns.net\/index.php\/2025\/11\/08\/is-your-password-manager-owned-by-a-surveillance-company-lastpass\/","title":{"rendered":"Is Your Password Manager Owned by a Surveillance Company? (LastPass)"},"content":{"rendered":"\n

I had no idea about the connection to a spyware company and how some of the label data wasn’t encrypted. I was aware of the hack, but I had a strong password which made brute-force attacks problematic, as well as changing sensitive passwords immediately, e.g. banking, credit card… And I had used 2nd factor authentication as well. I guess from the unencrypted labels, the hackers knew exactly what vaults held crypto credentials, a bad practice in addition to using custodial wallet accounts. Consequently, it’s pretty easy to export your credentials to another password manager, and Bitwarden<\/a> is only $10 per year, with paid account only needed for 2nd factor authentication. And they seem to have a better extension and android app, open source, and they conduct regular audits<\/a>, including source code and penetration testing of their network and servers. Proton has an authenticator app<\/a> that is much more trustworthy than alternatives for second factor authentication, which I employ along with Yubikeys<\/a>. And once converted, deleting your LastPass account<\/a> is pretty easy.<\/p>\n\n\n\n

\n