It’s not been a particularly merry Christmas for LastPass, has it?

On 22nd December, the password management company had no choice but to publish the blog post no company wants to publish.

Referring to a data breach in August when an unauthorised party gained access to the LastPass development environment, LastPass CEO, Karim Toubba, swapped Christmas wishes for an admission that the plot has thickened – in the worst possible way.

As a result of this, I’d suspect that many people are now looking for an alternative to LastPass. Although, arguably, if you’re in that position, I’d suggest your first port of call would be a major overhaul of all your saved passwords – regardless of how annoying that task is.

There are many alternatives to LastPass, and from the limited time I’ve spent recommending my own favourite on these pages, I know that conversations surrounding password security can quickly turn inexplicably unsavoury. I’ll get to that in a moment, but first, let’s quickly run over LastPass’ dreadful end to 2022.

The 2022 LastPass data breach

In August 2022, someone (or a bunch of people – who knows) managed to gain access to parts of the LastPass development environment.

This is already sweat-inducing if you’re part of the LastPass top brass (or that of its parent company, GoTo). You wouldn’t want unauthorised people anywhere near your company’s data and internal tools – no matter the industry within which you reside – but when you’re in the business of keeping humanity’s most important data safe, it’s another matter entirely.

Back then, Toubba told us that no customer data was accessed during the breach. Now, we know there was rather more to the intentions behind the incident than initially met the eye.

The unauthorised party has since used some of the source code and technical information to compromise LastPass once more, this time obtaining credentials which enabled them to access and decrypt some of the company’s storage volumes.

We have now moved from ‘sweat-inducing’ to ‘where’s the nearest toilet?’.

Once inside the storage volumes, the hackers grabbed “basic customer account information” that included names, billing addresses, email addresses, telephone numbers, and the IP addresses used by customers to access the LastPass service.

Ouch.

But it gets worse.

They also managed to steal a backup of a customer data vault, which includes both encrypted and unencrypted data, including website URLs, website usernames, and… yes, passwords.

LastPass has been quick to point out that, in order to access the encrypted data, the hackers would need to use brute force – a task which Toubba suggests would be “extremely difficult”, given the hashing and encryption methods used.

Still… sod the toilet. Get me an ambulance.

My best password manager recommendation – house rules

I’m not going to make LastPass’ year any worse by pontificating about the how and why of these data breaches. They got themselves into this almighty mess, and it is going to take a PR miracle to help them recover.

Instead, I’d much rather point you in the direction of my password manager recommendation, and the tool I use personally to keep all of my personal data (and that of my business) safe.

Before I do, I’m afraid I need to lay down some ground rules.

There are several types of content I create that are guaranteed to draw in the knuckle-draggers – the people who are incapable of respecting differing opinions, and who blindly leap into comments sections and empty their trousers without bothering to read my article in full. Headphone reviews are a great example (and I still have no idea why), but password managers are something else.

So, before you get involved in the comments section, this is what you need to bear in mind:

  • this isn’t a password manager comparison article: I have no interest in conducting a complex and time-consuming in-depth assessment of the multitude of tools out there – that’s a job for someone else;
  • there are LOADS of alternatives: this is the wonderful thing about tech (and life in general) – if you don’t like something, there will be an alternative that floats your boat. Do your research – don’t just rely on my opinion;
  • I’m not an open source person: if you’re part of the BITWARDEN MASSIV, I’m genuinely happy for you – but I’ve never used it and probably never will, and this blog post definitely isn’t for you (the door is over there – please shut it on your way out); and
  • I’m a 1Password affiliate: 1Password has sponsored my brand on multiple occasions and I continue to earn affiliate revenue from them. This is because I’m running a business and need the support of great partners like 1Password to continue providing free content like this – but it doesn’t influence my opinion on what I genuinely think is a great platform.

If you fail to take the above into account and still head into the comments section with your trousers on fire, I’ll delete your comment. Simple.

Right, on with my recommendation for the best alternative to LastPass!

Why I love 1Password

Ironically, this is going to be the simplest part of this guide.

I’ve been using 1Password for a couple of years now, and I couldn’t do without it. I use it to store everything, from my login credentials (obviously) to notes that I don’t want anyone else to see – ever (not so obvious).

More importantly, setting up 1Password on any device never feels like a chore and that means I can immediately get on with the exciting part of configuring my stuff without worrying about login credentials. This is what password management is all about.

Cross-device compatibility is also massively important for me, and 1Password smashes it in that regard – it works on every platform I care about.

1Password also enables me to share specific login details with people I trust, and I’ve used its ability to provide one-time or limited-time access to my stuff on more than one occasion.

That’s it, really. 1Password is a brilliant password manager – in my opinion. There’s nothing to get particularly excited about, bar the time it saves (which is significant) and the promise of continual improvements and development.

Just like LastPass, 1Password is cloud-based, which, as we’ve established, isn’t for everyone. And, given recent events, that might leave you with one crucial question.

Has 1Password ever been hacked?

No.

In fifteen years of service, 1Password has never been hacked. I won’t praise them for that – it’s the bare minimum requirement of a password management platform – but it’s the peace of mind you and I need as users.

If that changes and 1Password suffers a fate similar to that of LastPass, there are two things the hacker would need to gain access to your stuff – your account password and your Secret Key. The former is your responsibility and the latter is generated locally during setup – but neither is known to 1Password, and neither is ever stored on its servers.
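
To show why needing both secrets matters if stored data is ever stolen, here is an added example (not from the original post, and not 1Password's own code). It is a simplified sketch of a two-secret key derivation; the use of PBKDF2, HKDF and XOR, the iteration count, and all names and sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


def hkdf_sha256(key_material: bytes, salt: bytes, info: bytes) -> bytes:
    """HKDF (RFC 5869) extract-then-expand, first 32-byte output block only."""
    prk = hmac.new(salt, key_material, hashlib.sha256).digest()
    return hmac.new(prk, info + b"\x01", hashlib.sha256).digest()


def derive_vault_key(password: str, secret_key: bytes, salt: bytes,
                     iterations: int = 100_000) -> bytes:
    # Slow hash of the human-chosen (low-entropy) password.
    from_password = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    # Fast expansion of the device-generated (high-entropy) secret key.
    from_secret = hkdf_sha256(secret_key, salt, b"vault-key-demo")
    # Combine: the result is only correct if BOTH inputs are correct.
    return bytes(a ^ b for a, b in zip(from_password, from_secret))


def make_verifier(vault_key: bytes) -> bytes:
    """Stand-in for stored data that a guessed key could be checked against."""
    return hmac.new(vault_key, b"vault-check", hashlib.sha256).digest()


def unlocks(password: str, secret_key: bytes, salt: bytes, verifier: bytes) -> bool:
    candidate = make_verifier(derive_vault_key(password, secret_key, salt))
    return hmac.compare_digest(candidate, verifier)


def demo() -> dict:
    salt = secrets.token_bytes(16)
    secret_key = secrets.token_bytes(16)        # 128 random bits, made on the device
    password = "correct horse battery staple"   # constructed sample password
    verifier = make_verifier(derive_vault_key(password, secret_key, salt))
    return {
        "both_secrets": unlocks(password, secret_key, salt, verifier),
        # Right password, but the secret key has to be guessed.
        "password_only": unlocks(password, secrets.token_bytes(16), salt, verifier),
        # Right secret key, wrong password.
        "secret_key_only": unlocks("wrong guess", secret_key, salt, verifier),
    }


if __name__ == "__main__":
    print(demo())
```

Because the secret key is random rather than human-chosen, a weak password alone does not reduce the work needed to test guesses against stolen data.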

No password manager can claim 100% unhackability and there are some devilishly clever nasty people out there, but I’m not sure 1Password can do much more to keep your stuff safe – if you keep your side of the bargain with a strong master password.

Final thought

Is 1Password different or somehow better than other password managers?

No, it really isn’t.

At the moment, 1Password has serious one-upmanship on LastPass simply because the latter has allowed hackers into its vaults. Technically, though, most cloud-based password managers offer identical feature sets and, as noted, none of them is immune to hacking attempts.

Your choice will come down to one thing – your own research. Don’t just take my word for it; as I say time and again, what works for me may not work for you – consider this guide just one step on your journey to find the perfect password manager for your requirements.

This post includes affiliate links