I'm curious about why they have an Asterisk server on the same network as their database... is there a voice authentication feature, or are we just talking about their office phones?<p>Either way, they seem to be taking this seriously; even if they are just being overly paranoid, I find it comforting.
i'm surprised by the reactions here. maybe i am misunderstanding the blog post, or maybe others are?<p>as far as i can see they are being extremely paranoid. they seem to be monitoring (and following up on!) traffic flow, which is itself pretty impressive, are flagging this even though they have no other error signs, and have done a good enough job in their implementation that they can say, without any more details, that the only risk is via brute force cracking.<p>i use keepassx locally, but my take on this is that they are way better than average. this kind of report would make me use a company, not switch from them.
Interesting, it isn't prompting me to do any such thing.<p>Anyway, since many are mentioning 1Password - I used that for a couple years and switched to lastpass, because I was tired of having to install plugins across all the browsers on a platform and then having to find workarounds with Dropbox for syncing on additional machines and the lack of a Windows client, when I'm stuck working on Windows.<p>Also, since I use two-factor authentication, I wonder if that's the reason they have not asked me to change my password?
Wow, LastPass won't let me log in to my account now, and doesn't throw any error message whatsoever. When I try to change my password it says I can't because I don't have their browser plugin. Wacky, this is quite frustrating.
Result of me trying to log in to delete my account, just in case (having switched to 1Password): <a href="http://cl.ly/3T0B2W09262N3k2j2U3k" rel="nofollow">http://cl.ly/3T0B2W09262N3k2j2U3k</a>
That's not very smart considering that a lot of people won't be able to log in to their email to verify their emails because they don't have access to the login details of their email because they haven't verified it.<p>And why the hell didn't they use scrypt in the first place? For a company so paranoid, that seems to border on neglect.
That's the final straw for me. Just exported my login details, emptied out my LastPass vault and uninstalled the addon. Will stick to storing my login details in a Dropbox-distributed, GnuPG-protected flat file. Less convenient, but at least I'm not reliant on a third party.