Thing is: this is the third article on the topic I wrote in the past few days. Covering your options wasn’t the goal here, it’s in the first article: https://palant.info/2022/12/23/lastpass-has-been-breached-wh.... Particularly the “executive summary” at the start.
As to the “speculations”: I have sufficient experience with LastPass press releases to assume the worst whenever they omit details that they should definitely know. On a number of occasions they covered security vulnerabilities that I found, and I know how they operate.
Mind you, I would be more than happy to learn that I’m wrong. But this isn’t a situation where “hope for the best” is a viable approach.
Note: I did not claim that LastPass is storing master passwords. They claim that they built their system in a way that they cannot. And I merely point out that this isn’t true: they could have built their system in such a way, but they chose not to, despite being warned about it repeatedly.
As to the “speculations”: I have sufficient experience with LastPass press releases to assume the worst whenever they omit details that they should definitely know. On a number of occasions they covered security vulnerabilities that I found, and I know how they operate.
Mind you, I would be more than happy to learn that I’m wrong. But this isn’t a situation where “hope for the best” is a viable approach.
Note: I did not claim that LastPass is storing master passwords. They claim that they built their system in a way that they cannot. And I merely point out that this isn’t true: they could have built their system in such a way, but they chose not to, despite being warned about it repeatedly.