LastPass source code breach – do we still recommend password managers?
2022-08-29 18:59

As you no doubt already know, because the story has been all over the news and social media recently, the widely-known and widely-used password manager LastPass last week reported a security breach.

We regularly recommend that our readers and podcast listeners consider using a password manager, even though we've also written up numerous security blunders in password manager tools over the years.

This attack doesn't appear to involve a vulnerability in or an exploit against the LastPass software by which crooks could attack the encrypted passwords in your password vault, or to involve malware that knows how to insinuate itself into the password decryption process on your own computers.

What if the crooks break in again, and next time it's not the source code they get hold of, but every individual password stored by every individual user?

No passwords in your password vault are ever stored in a directly usable form on the password manager's servers, and your master password is ideally never stored at all, not even as a salted-and-stretched password hash.

A good password manager won't let you put the right password in the wrong site.
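The check behind that last point, as an added example that is not from the original article or from any password manager's code: autofill is allowed only when the page's origin exactly matches the origin saved with the login. Exact-origin matching over HTTPS is an assumption made here, and `origin_of`, `fill_candidates`, `VAULT` and `PAGES` are hypothetical names with constructed sample data.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"https": 443}  # assumption: only HTTPS pages may be autofilled

def origin_of(url):
    """Return (scheme, ascii_host, port) for an HTTPS URL, or None if unusable."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".")  # lower-cased, userinfo stripped
        port = parts.port                          # ValueError on a malformed port
    except ValueError:
        return None
    if parts.scheme not in DEFAULT_PORTS or not host:
        return None
    try:
        # Punycode-normalise so a Unicode look-alike never equals the ASCII name.
        ascii_host = host.encode("idna").decode("ascii")
    except UnicodeError:
        return None
    return (parts.scheme, ascii_host, port if port is not None else DEFAULT_PORTS[parts.scheme])

def fill_candidates(vault, page_url):
    """Return vault entries whose saved origin exactly matches the page's origin."""
    page = origin_of(page_url)
    if page is None:
        return []
    return [entry for entry in vault if origin_of(entry["saved_url"]) == page]

# Constructed sample data: one saved login and several pages asking for it.
VAULT = [{"saved_url": "https://accounts.example.com/login", "username": "alice"}]
PAGES = [
    "https://accounts.example.com/signin?next=/",    # same origin, different path
    "https://ACCOUNTS.example.com:443/",             # same origin, other spelling
    "https://accounts.example.com.evil.test/login",  # real name used as a subdomain
    "https://accounts.example.com@evil.test/login",  # real name in the userinfo part
    "https://accounts.ex\u0430mple.com/login",       # Cyrillic "a" homoglyph
    "http://accounts.example.com/login",             # scheme downgrade
]

if __name__ == "__main__":
    for page in PAGES:
        verdict = "fill" if fill_candidates(VAULT, page) else "refuse"
        print(f"{verdict:6} {page}")
```

Only the first two pages are offered the saved login; a person reading the address bar could plausibly accept any of the other four.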


News URL

https://nakedsecurity.sophos.com/2022/08/29/lastpass-source-code-breach-do-we-still-recommend-password-managers/