A bit disingenuous to not discuss the strength of his master password, but a good demonstration for some who still trust LastPass's very disingenuous communication.
The problem is that most people will choose simple master passwords. By not requiring an autogenerated secret key, LastPass prioritized ease of onboarding (=increased profits) over user security, and now the average consumer will be facing the consequences.
On a printout and even inside the vault itself. You only need the key the first time you unlock the vault on a device. After that the key can be encrypted locally with just the master password or kept in the TPM (or the platform's equivalent).
To lose your passwords, you have to lose literally every device you have LastPass on and your printout and any E2EE backups of the key (e.g. to iCloud.)
1Password has a solution that is quite usable: it generates a secret key and provides facilities to transfer it between hardware devices as needed, e.g. from your phone to desktop. 1Password does not cloud store it and urges users to print a backup copy.
There is a marginal usability benefit to LastPass’s lack of such facilities, but I think this breach shows that the security reduction was too high a price to pay for it.
My comment was only targeted against the claim that preferring easier onboarding (made by the parent comment) only means increasing profits (which probably is also true). Don't get me wrong, I am not making any "LastPass is better" point or anything, I currently think of switching to 1Password, because it seems like the better solution overall.
> urges users to print a backup copy
I read it a few times in this thread already, but with the general lack of printers for most people, I find it kind of funny. I personally guess that more people put it unsecured in their Dropbox than people actually printing it.
> I think this breach shows that the security reduction was too high a price to pay for it.
I think this breach shows that operational security for LastPass is lacking, something distinctly different from the password storage system security. Although it might be linked, as in teams building less secure systems might have worse security themselves.
I used the wrong word apparently. My security vocab got worse over the years, sorry.
What I meant by it: Securing the system against breaches of, even encrypted, data.
I was trying to differentiate the security of access to the encrypted database from the security of the data inside the encrypted database, i.e., how hard is it to get it, instead of how hard it is to break once you have it.
Because I think that the security reduction discussed here (e.g., allowing weak master passwords) is on the "how hard is it to break it?" side, while the breach itself is on the "how hard is it to get it?" side.
Based on this separation, I don't think that the breach is a sign that the reduction was a price too high, because the reduction in security did not make the access easy - bad access security made that possible.
The whole point of a password manager is that "access security" will fail at some point. That's the reason they are E2EE.
Every password manager is built with the idea that one day, the server will be hacked and the vaults will be free to download. The same goes for E2EE in general.
With this in mind, LastPass and Bitwarden's solutions are very poor and can result in most customers vaults being breached, whereas 1Password's secret key model stays strong.
> The whole point of a password manager is that "access security" will fail at some point. That's the reason they are E2EE.
Maybe that's a better way of restating my point that access security is not identical to the security of the password store.
> With this in mind, LastPass and Bitwarden's solutions are very poor and can result in most customers vaults being breached, whereas 1Password's secret key model stays strong.
While it is believable that most people's passwords are weak enough to be broken, I wonder how many people actually have bad enough passwords to be reasonably decrypted.
I have no doubt about the security of 1Password's secret-key model being stronger - and I haven't seen anyone claim any different. At most I have seen anyone claim it is cumbersome and will get people to use no password manager instead (resulting in weak, reused passwords).