LastPass Worries: a reader asks…
I use your recommended LastPass password manager. Do I need to worry about security vulnerabilities? I read that several security vulnerabilities were discovered with LastPass. Should I switch to another password manager?Advertisement
LastPass advised users of an existing potential vulnerability via their blog. While the threat is pretty obscure, it is possible for you to inadvertently allow your account to be compromised. LastPass is working on a permanent fix, but in the meantime advises folks to not use the browser extension, but to open your LastPass vault and launch websites directly from there.
Personally, I applaud LastPass for being proactive and offering a workaround out of an abundance of caution. No password manager is 100% secure because security is an ongoing improvement process. Many other password manager programs don’t even let their users know about discovered vulnerabilities. LastPass, like Microsoft, Apple, and other software developers must constantly update their software to counter newly emerging threats – hackers are targeting the market leaders constantly. So no, I don’t think you should switch, and I expect a program update that patches the vulnerability to be issued within a few days. In the meantime, you can choose to follow their directions or not. If you don’t surf the web indiscriminately, and otherwise practice safe computing (I have tips here and here), your risk is minimal.