More than $35 million has been stolen from over 150 victims since December — ‘nearly every victim’ was a LastPass user::Security experts believe some of the LastPass password vaults stolen during a security breach last year have now been cracked open following a string of cryptocurrency heists
There’s no such thing as an impenetrable password manager. I keep my most secure passwords in my head, and so should everyone.
Even if the software were perfect, people aren’t. Anyone can be fooled under the right circumstances. It’s better to expose one service than all of them at once.
Your head cannot be securely backed up, and you are not resistant to major thread actors (torture, and so on)
2fA is an important element too.
How would someone steal my password and my physical yubikey for 2fa?