this post was submitted on 19 Jul 2025
402 points (92.1% liked)

Technology

72957 readers
2988 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
L4s@hackingne.ws
402
Password manager by Amazon (lemmy.world)
submitted 1 day ago by kokesh@lemmy.world to c/technology@lemmy.world
126 comments fedilink hide all child comments
 
you are viewing a single comment's thread
view the rest of the comments
[–] greybeard@feddit.online 3 points 17 hours ago

LastPass's biggest problem was that they were almost the first in the game, and mistakes/choices they made 20 years ago bit them hard when they got hacked.

There were two major issues with LastPass's security model:

  1. Non-Password data wasn't encrypted. So usernames and urls were visible by the people who stole the vaults.
  2. Passwords were encrypted with a number of iterations based on when the account was created, so older accounts were only run through a single iteration. The iteration process makes it much harder to guess the master password(by making it take a longer time). So single iteration makes it pretty quick to guess the password.

So with flaw 1 you could see what vaults might have valuable passwords like banks and crypto wallets. And with flaw 2 you could reasonably quickly break into the vaults of long time users.

So aside from their lax security allowing the compromise to happen in the first place (Nothing is fool proof), they weren't providing the level of protection most people assumed.

More modern password managers like BitWarden fixed those problem a long time ago.