The thing is, at least in this particular case, maybe all the crackers got was encrypted data. They’d still need to spend time decrypting what they stole. As long as people were not so stupid as to use the same passphrase for both logging into LastPass and for securing their LastPass data, users should be fine…sort of.
I know password services are discussed on Soundbytes, but I’ve just never been able to feel comfortable with any of the options; seems like they’re ALL just too hackable, or at the least I’ve never understood them enough to take the risk.
So I use an even more controversial technology when it comes to passwords:
Ball-point pen and recycled paper.
Papermate, circa 1972.
Oh, and a fire-proof, water-proof safe.
I’d like to see a hacker try to get inside of THAT.
Not to creep you out, but just what are your criteria for trusting a piece of software? Have you read or heard about Ken Thompson’s ACM speech “Reflections on Trusting Trust”? Until proven otherwise, I trust the Siber Systems guys/gals.
For using pen and paper, you must a.) like typing a lot instead of just typing the one encrypting passphrase, and b.) enjoy physically searching through stuff. The system I use automatically guesses the proper credentials based on the current page’s URI, and they’re always sorted alphabetically otherwise.