Hacker News new | past | comments | ask | show | jobs | submit login

Why do you recommend others to stop using LastPass?



https://en.wikipedia.org/wiki/LastPass#Security_issues


I just switched last night for unrelated reasons

1. BW supports inline Android 11 password fill. I find the UX much better with this feature

2. LP is a bit buggy, particularly on Android

3. LP is slow to add new features

4. I didn't expect this, but I really enjoyed BW's UI

5. On Android, I enjoy the three quick launch buttons they provide

6. LP creates new logins in folders of it's choosing by default. Not a fan

But in general, BW it just "works" better/faster for me


LastPass has suffered a few security breaches and the overall quality of the product hasn’t improved. 1Password is a superior product with no security breaches.


From my interaction with LastPass support (I'm a premium user), they've outsourced to some cheap company where agents have no clue how anything works. It took weeks to get through to somebody who even understands the problem and their reply was essentially "yeah we know it's broken, it's broken because of security".

Left a really bad taste in my mouth. I wouldn't be using them at all if I didn't have to for a client.


I remember reading a blog entry, a few years ago.

Someone received a phishing email from "their bank."

They responded to the email, and got someone on the horn, immediately.

But their bank (the real one), sent them to a horrifying voice jail.

The point was that the crooks gave better customer service than the real bank.


Barclays recently tried sending me a new credit card because they were changing to Mastercard or something.

I got an email one day that my new Barclaycard was activated. Called support, and they swore to me it was a phishing email (it was definitely from Barclay's official domain). Would not listen to me at all and kept trying to get me to hang up. I asked if I could tell them the email MessageID and they could verify the authenticity. They said no.

About 10 minutes into trying to convince them it was not a phishing email, I refresh my dashboard and there was a $600 purchase at a Long Island Walmart. That shut them up really quickly and they transferred me to their fraud department who asked me for the MessageID at the bottom of the activation email and confirmed it was real...

I asked if I could set up any additional security, and how could they activate a new credit card? Did they have my online password? Apparently no, you can just call on the phone and activate it, no authentication required. They told me I could set up a "voice password" for my account for all phone support and I did just that.

I called them back 30 minutes later, got through to support to where I could change anything about my account. Asked them if my "Voice Password" was enabled. "Yes it is." "....Okay, no one has asked me for my voice password yet, and here you are about to change my address". They still didn't really understand the seriousness, so I told them "I'm not <my name> I'm a hacker trying to steal his money." and they understood.

The worst part? I couldn't cancel that credit card until they physically sent me one to activate. No way to visit a branch and get one. It ended up getting stolen out of the mail THREE TIMES before they finally sent it with a signature required.


It makes sense economically. Crooks will steal ~100% of your bank balance in one day. Bank itself earns 1-2% per year.


Yup. The blogger was just being cranky about their bank.




Consider applying for YC's W25 batch! Applications are open till Nov 12.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: