Why We Continue to Recommend LastPass
LastPass, a password management software company recommended by Element, recently suffered a second data breach that exposed encrypted user data to hackers. While this is concerning, we continue recommending LastPass because we believe that any other alternative would be similarly vulnerable to attacks, if not more. LastPass has taken steps to improve its security measures in the wake of these incidents and has maintained transparency in its communication, so we are still confident in recommending them as the best password manager on the market.
Despite them being the best option right now, there are still some simple steps you should take to ensure the security of your passwords. We recommend resetting your Master Password, enabling multi-factor authentication (MFA) on all supported accounts, and resetting the passwords for any important accounts stored in LastPass. If you stored MFA backup codes in LastPass, we suggest resetting both your password and MFA token to prevent the possibility of bypassing MFA if your vault is decrypted. While we still recommend storing MFA backup codes in LastPass, it's important to note that this could be used to bypass MFA in a worst-case scenario.
Overall, we appreciate LastPass' transparency and encourage users to take these simple steps to ensure their security.