Human Error: the Security Trick That Breached LastPass

Whether or not you leave LastPass is not so much an issue of the data breach as an issue of whether you set up your LastPass account properly. Remember, the grass isn’t always greener. If your master password is St@rTrekRules1, then you’re in trouble, as that can be brute forced in a short amount of time. The bad actors require your LastPass master password to gain access to the backup of your password vault they stole. LastPass encourages strong passwords. If you failed to follow their recommendation, then the issue is not leaving LastPass; the issue is changing all of your passwords, as the bad guys can easily figure out your master password.

If your master password was set up according to LastPass recommendations, you’re fine. It will take decades to crack your master password, and odds are the bad actors won’t spend that much time on it, as they are looking for quick returns.

But wait! The bad guys still have my encrypted data! True, and while that is unsettling, if you leave LastPass for another cloud-based password manager, what’s to prevent one of their engineers from falling for the same trick? Remember, this was human error. Even a password manager you host yourself is subject to security tricks and must be set up properly. For the most part, it comes down to a matter of preference.

Using a password manager is important, and the LastPass breach reinforces the need to use a password manager properly, both individually and corporately (and to watch out for a security trick, too).


Jonathan Smith is the Director of Technology at Faith Ministries in Lafayette, IN and the President of MBS, Inc. He is an author and frequent conference speaker. You can reach Jonathan at jsmith@faithlafayette.org and follow him on Twitter @JonathanESmith.