
The first paragraph very nearly lost me – irrational, rage bait, directly contradicts later stated facts – but there’s some good content later. The chief complaint seems to be that LastPass is not forcing this upgrade, they are just blast emailing unaffected people that they “forced” it while not actually doing so. And they’ve pulled similar stunts in the past, and in current communication seem to clearly be blaming users for their weak settings and passwords while erasing the fact that LastPass chose the settings, ok’d the passwords, botched the upgrade, and still hasn’t fixed most of their mistakes.

Everybody with a clue knows LastPass is a lost cause, but what’s more interesting to me is how we can generalize the lessons we’re learning here. I’d propose that user blaming in general is evidence of bad tech and magical thinking around it, and that points a finger at some very interesting targets.



> Everybody with a clue knows LastPass is a lost cause,

Yeah, at this point, I have to wonder how there are still LastPass users to worry about whatever the latest LastPass scandal is.


I'm too lazy to change.


Take the 10 minutes to migrate to Bitwarden or 1Password or such and be done with it.


Yeah, if you have no attachments; otherwise it takes days and a lot of programming knowledge.


You can have them both installed. Migrate your passwords today, then the other stuff as you get around to it.


The problem is there is no way to say "show me all items with attachments", so it's extremely tedious to find those.


It takes a bit more than 10 minutes to convince my family to also migrate their passwords and re-figure out how to use it when all their life they used the same password for everything.


My employer has a contract with LastPass, yeah..


Friends don't let friends use LastPass.


Can someone explain to me what is the advantage of using something like LastPass over simply the in-built password manager that Firefox or other browsers have? I know that LastPass can be used for desktop applications too, but if you are only using a password for the web, is LastPass offering anything more than the in-built browser password manager?


Safari's built-in pw manager:

- until recently, didn't have 2FA

- doesn't support multiple domains under the same account (e.g., the stackexchange network is considered one site per subdomain)

- doesn't support generating complex passwords (it'll generate passwords but I'd hardly call them complex…)

- doesn't support credentials not associated with websites (e.g., an SSH login, a bank PIN…)


Also doesn’t support recovery questions. As someone who generally enjoys Safari, the password manager could use some love. Integration across devices is good though.


It does support the per-subdomain option now. You can edit a password to say whether it applies to the whole domain or a specific host.


Who only logs in on websites? So many apps also require logging in.

I'm also not sure if those built-in password managers sync to other devices and if you want to trust them with it.


Downside of Firefox Sync for password management is indeed its lack of iOS app integration. Sadly, I suspect it is Apple making it impossible to compete.

Upside is that it also syncs to my Firefox on Linux, which Apple’s doesn’t.


Syncing to my phone apps is my big reason.


Credentials/certificates/keys/data storage, secure sharing etc. Pretty much anything that's more complex than single user username + password doesn't seem to be served by the current built-in managers.


A lot of these require deeper system integration, and this is not, in my experience, cross-platform. I’d rather have to drag my SSH/VPN keys and certs around manually, and have basic password management working across iOS, macOS and Linux.



