
Catastrophic breach after catastrophic breach since 2011. Lastpass has failed their fiduciary duty as a steward of sensitive information and IMO exhibited gross negligence in not encrypting URI data, ostensibly as a trade off for consumer functionality.

Not to be overly vindictive, as I understand the near impossibility of running a perfectly secure service at absolutely enormous scale…but does anyone else feel LastPass should shut down the business, refund customers, and help them migrate to a new service? You are just not the organization for this job.



I think the whole LastPass fiasco just shows why everyone wants to get into the SaaS business so bad - subscription revenue is the gift that keeps on giving.

LastPass has proven they have no business safekeeping anyone else's credentials. Anyone who cares a modicum about their security will have migrated off. But migrating off is a HUGE pain (people will need hours to update hundreds of passwords), and LastPass's announcement just days before Christmas was obviously done so that your average Joe would just miss it.

So LastPass will be able to continue collecting subscription revenue from users who were too busy or just not paying attention to the news, despite the fact that they really should be giving refunds to everyone who depended on their service.


> But migrating off is a HUGE pain

It took less than 10 minutes to migrate to Bitwarden. What do you mean by migrate?


Moving password managers is easy, but if you assume LastPass lost your passwords you need to change every password.


But that isn't migrating, it's "changing all your passwords on all sites you use".

Even if you stayed on LastPass(!), you should still do that, right? It's a penalty for LastPass compromising them.


In theory yes, but the risk associated with every account is not equal.


If you have a business account, migration is non-trivial: It's not uncommon to have hundreds of shared folders of secrets accessible by hundreds of teams.

The meta information (which user account belongs to which team, which team has what kind of access {none,read-only,read-write} to which folder) is not trivial to migrate.


Last time I migrated (many years ago), not all the data was in the export. And the secure notes especially were mostly missing or messed up.

I think others have posted on HN that they experienced the same last year when they attempted to migrate.

So you may have exported in 10 minutes, but do not assume you got everything; go through the list and make sure everything is there (including verifying the contents).


Migrating from LastPass to another password manager is actually a pretty easy process. Many password managers can import passwords from LastPass.


Yes, sure that's easy. Also now there are twice as many places from which an attacker can get your passwords. Oops?


Have you read the 1Password whitepaper? This isn’t exactly an easy target for any attacker.


I haven't read the 1Password whitepaper, could you elaborate? Would be curious what 1P is doing that is substantially more secure than what LP is doing (not counting the braindead stuff like not encrypting website URLs). Having been a 1P user, my guess is that, unlike LastPass, in 1P the data used to encrypt your vault includes both a completely random key and your master password, while in LastPass it's just your master password. Is there anything else?


Yes, 1P uses a random key in addition to the master key, like you described. That's the one 1P asks you to print out and hide somewhere, and which you also need when opening a vault on a new device. I don't know what LP does, but here are some notable things I gathered from the 1P whitepaper:

- 1P has a multi-layered approach: The master key + random key (+ salts) decrypt the user's private key, which in turn is used to decrypt the vault key (because the user's public key was used to encrypt the vault key). The vault key is used to decrypt the vault's items (each individually). Giving a new member access to a vault is done by encrypting the vault key with that member's public key. (I guess that's the same for LP)

- 1P encrypts all field contents. BTW metadata (e.g. URIs) and content fields are encrypted separately, such that the former can be decrypted faster for UI and search purposes.

- 1P uses the Secure Remote Password protocol, which allows clients to authenticate with the 1P server without ever sending the actual password. Instead, during account creation, a derived key ("v") is sent from the client to the server that will be used to generate a shared secret during every authentication (without sending "v" again). "v" has been salted with the user's email address. So, by arriving at the same shared secret as the client, the server can be sure of three facts: 1) The user entered the correct master key, 2) the user's device has the correct random key in store, and 3) the user's given email matches the email that was defined when creating the vault. In the paper they write that this authentication process is actually the reason why 1P requires a random key in addition to the master key: It's impossible to brute-force the master key even if an attacker gains access to "v".

- Vault recovery with 1P prevents the team "admin" from receiving the recovered vault's data (they do learn the vault key though, that's a necessity).

- 1P are constantly evaluating whether stronger encryption schemes (e.g. elliptic curve, or, further out, post quantum crypto) need to be implemented, and if such an update happens, they have already mapped out how vaults are upgraded. I think they increased PBKDF2 passes from 10k to 100k without breaking anything. IMO a higher pass count would be better, but that would make for a quite slow UI.
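The point made above about the random secret key (an attacker who obtains the SRP verifier "v" still cannot brute-force the master password) can be seen in working code. The following is an added example written for this thread, not code from the original comment and not 1Password's implementation: the two-secret derivation (PBKDF2 over the master password, HKDF over the secret key, XORed together) is sketched loosely after the description in the comment, the SRP verifier is replaced by a plain hash stand-in (real SRP computes v = g^x mod N), and every account value, wordlist entry and salt is constructed. It runs offline with the Python standard library.

```python
"""Two-secret key derivation (2SKD) sketch: why a random secret key blocks
offline brute force of the master password even when the server-side
verifier leaks. Added example; layout loosely follows the HN comment above,
not 1Password's actual code. All sample values are constructed."""
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 100_000            # PBKDF2 work factor mentioned in the comment


def hkdf(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """RFC 5869 HKDF-SHA256: extract, then expand to `length` bytes."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]


def password_part(password: str, email: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Slow, salted derivation from the master password; the salt is bound to the account email."""
    pw_salt = hkdf(salt, email.lower().encode(), b"pbkdf2-salt")
    return hashlib.pbkdf2_hmac("sha256", password.encode(), pw_salt, iterations, 32)


def combine(pw_part: bytes, email: str, secret_key: Optional[bytes]) -> bytes:
    """Master unlock key. secret_key=None models a password-only scheme;
    otherwise the 128-bit random secret key is expanded and XORed in (2SKD)."""
    if secret_key is None:
        return pw_part
    sk_part = hkdf(secret_key, email.lower().encode(), b"secret-key", len(pw_part))
    return bytes(a ^ b for a, b in zip(pw_part, sk_part))


def derive_muk(password: str, email: str, salt: bytes,
               secret_key: Optional[bytes], iterations: int = ITERATIONS) -> bytes:
    return combine(password_part(password, email, salt, iterations), email, secret_key)


def verifier(muk: bytes) -> bytes:
    """Stand-in for the SRP verifier v (really g^x mod N). A hash is enough here
    because the attack below only needs an offline test oracle, which v provides."""
    return hashlib.sha256(b"srp-verifier|" + muk).digest()


def crack(passwords, secret_keys, email: str, salt: bytes, target_v: bytes,
          iterations: int = ITERATIONS) -> Optional[str]:
    """Offline attack: attacker holds v, email and salt and tries (password, secret_key)
    pairs. PBKDF2 runs once per password; secret-key candidates are cheap to combine."""
    for pw in passwords:
        pw_part = password_part(pw, email, salt, iterations)
        for sk in secret_keys:
            if hmac.compare_digest(verifier(combine(pw_part, email, sk)), target_v):
                return pw
    return None


# --- constructed sample account (not from any real product or user) ---
EMAIL = "alice@example.com"
SALT = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")        # constructed account salt
SECRET_KEY = bytes.fromhex("a3f1c27b9e4d5061728394a5b6c7d8e9")  # constructed 128-bit device secret
TRUE_PASSWORD = "correct horse"
WORDLIST = ["password", "letmein", "hunter2", "correct horse", "Tr0ub4dor&3"]  # constructed


def password_only_attack(iterations: int = ITERATIONS) -> Optional[str]:
    """Scheme keyed by the master password alone: a leaked v plus a wordlist recovers it."""
    v = verifier(derive_muk(TRUE_PASSWORD, EMAIL, SALT, None, iterations))
    return crack(WORDLIST, [None], EMAIL, SALT, v, iterations)


def two_secret_attack(iterations: int = ITERATIONS, guesses: int = 1000) -> Optional[str]:
    """Same leak under 2SKD: the attacker can guess secret keys too, but 1000 guesses
    out of 2**128 are hopeless, so even the correct password is never confirmed."""
    v = verifier(derive_muk(TRUE_PASSWORD, EMAIL, SALT, SECRET_KEY, iterations))
    sk_guesses = [os.urandom(16) for _ in range(guesses)]
    return crack(WORDLIST, sk_guesses, EMAIL, SALT, v, iterations)


if __name__ == "__main__":
    print("password-only scheme, cracked:", password_only_attack())
    print("2SKD scheme, cracked:", two_secret_attack())
```

The cost asymmetry is the whole design: the attacker pays one PBKDF2 per password guess, but must also pay for every secret-key guess, and the secret key is uniformly random rather than human-chosen. This is also why the secret key alone is useless to a thief who finds the printed emergency kit but not the master password.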


That's useless if you're migrating away because of security concerns. What you actually have to do is to go to all of the sites and change each of the passwords you have stored in LastPass.


As someone else said: you should be doing this even if you're staying on LastPass.

It's what I've spent the last few days doing (hundreds of passwords), but then again, I'm also moving to bitwarden.


True, though I think this is a good practice in general if switching your password manager, even for benign reasons (price etc).


Actually, it's a very hard process since the easy process doesn't migrate all the data.


> Lastpass has failed their fiduciary duty

I get where you're coming from, and ultimately agree. But I doubt anyone at LastPass on the business side agrees - to them this is just another PR snafu. The business continues to chug along regardless of how many catastrophic breaches they go through. I think they see these numerous issues as a cost of doing business vs. having a critical broken product offering.

Again I agree, but, I doubt they're going to change their ways this late in the game.


I feel this way but this is wishful thinking. It's more likely that they will transition even more into a gray privacy territory by marketing LastPass to less and less tech-savvy users, eventually bundling it for free with some spammy ad-supported service and/or preinstalled on a phone or laptop (basically, Norton and McAfee territory). The parent company is already not trustworthy, and this breach is the last nail into LastPass as a trustworthy service.


More interesting to me is that this shouldn't be an issue, they should just lose out to the competition organically.

And yet here we are.


Most economic models of equilibrium explicitly state that they model outcomes “in the long run” for precisely this type of a circumstance.

Should a firm with a history of these types of problems lose out to competition organically? Sure, but there is no binary "losing out to the competition" switch that just gets flipped one day.

This is part of the reason why I get so frustrated with the laissez faire mindset/meme.


Right.

Crucially, these models don't actually state that the companies that do the best job will win out, but that the most profitable ones do.

The problem arises when screwing over the user is more profitable than doing it properly.

That's why the tech industry is so ethically corrupt today. There's very little regulation to make dark patterns and sloppy security practices more costly than they are profitable.


Competition is slow to take effect when there is cost of transition.


Duopoly. Plus cost of switching away once you sign up.

Network effects and monopolistic (anti-competitive) features allow bad companies to survive today. Monopolistic practices are probably a worse problem today than in the 1920s.

In the 1920s governments used regulation to break up huge firms and defeat advantages due to cost of capital (hard to start a new railroad in the 20s because the cost of trains and tracks was just so high.) Today, cost of capital is relatively less important, and things like switching cost and bundling and people valuing their time and convenience are bigger factors. We need anti-trust/government regulation to address those.

(For example, in the case of password managers, imagine if there were laws requiring publicized security audits and seamless migration to a new service of the customer's choice. A competitor to LastPass might have arrived by now.)


All major browsers offer password management, then there's Apple Keychain, 1Password, KeePass, Bitwarden, and LastPass. And that's just the ones I could think of while reading your comment.

Where is the duopoly, and who's being forced out of the marketplace due to lack of government regulation of password managers?


Much of this could be addressed by antitrust enforcement as well as actually having competent lawmakers that understand the products their citizens use overwhelmingly daily. Policymakers barely understand the internet, let alone zero-knowledge architecture and encryption.

Sundar Pichai being asked whether someone is handpicking search results comes to mind, as an illustration.


They might as well dissolve the whole company. Most, if not all, of their products are very security sensitive.


As long as they have paying customers that are ignorant, willingly or not, of the issues, I suspect they'll keep chugging along.


You're not being vindictive. If anything, you're being overly gracious.


In one regard I'm with this, and I do want them to have a fiduciary-like responsibility.

On the other hand, I almost see this as similar to the groups of people who swarm towards televangelists, who sign up to donate their last dollar to a millionaire who's scamming them for everything they're worth.

If you trust it, then maybe falling for it is the best thing for you, to learn this lesson the hard way :/

