Security News > 2022 > September > S3 Ep98: The LastPass saga – should we stop using password managers? [Audio + Text]
LastPass source code breach - do we still recommend password managers?
DOUG. That's important to point out, because a lot of people, I think, who don't understand how password managers work - and I wasn't totally clear on this either as you write in the article, your local machine is doing the heavy lifting, and all the decoding is done *on your local machine*, so LastPass doesn't actually have access to any of the things you're trying to protect anyway.
LastPass and other password managers have had security problems before, including bugs in the code that *could* have leaked passwords, and those got some publicity, but somehow they didn't quite attract the attention of this: [DRAMATIC] "Oh golly, the crooks have got their source code!".
As you say, that represents a misunderstanding about how any decent password manager works, where the master password that unlocks all your sub-passwords is never shared with anybody.
Basically, the password manager company doesn't know your master password, and doesn't store your master password, so it doesn't have your master password to lose.
That's important, because it means not only can the master password not be stolen from the password manager site, it also means that even if law enforcement show up there and say, "Right, show us all the person's passwords," they can't do that either.