In November 2022, the password manager service LastPass disclosed a breach in which hackers stole password vaults containing both encrypted and plaintext data for more than 25 million users. Since then, a steady trickle of six-figure cryptocurrency heists targeting security-conscious…
Password vaults are great! Giving them to a central authority is… a little risky though. LP has a pretty decent history other than this, so I don’t fault anyone for using them. But after that breach, it’s probably good to consider those creds burned and recycle them.
A good self-hosted alternative might be something like Keepass on Syncthing. Though a downside of that is that you might be even less likely to know of a vault exfil than a service like LP.
Either way you go, it’s good to recognize the limiations and act accordingly.