The LastPass Breach Taught Us What a Password Manager Actually Needs to Be

In August 2022, hackers accessed LastPass’s development environment. The company disclosed this incident and assured users that no customer data had been exposed. In December 2022, they revised that disclosure: encrypted vaults had also been stolen. In February 2023, they revised again: backup data had been taken as well, including unencrypted metadata — the URLs of every site stored in user vaults, notes fields for some entries, and account details.

The metadata breach is worth sitting with. Even if the encrypted vault contents remain secure against brute force, attackers now know exactly which banking sites, brokerage accounts, and email services each user had stored. That information is useful for targeted phishing, for social engineering, for prioritizing which accounts to attack. The encryption on the passwords themselves was not broken. The information surrounding them was exposed in plain text.

I’ve been following password manager security since before this incident, and the LastPass situation clarified something about what the category actually requires that I want to address directly before getting to specific recommendations: zero-knowledge architecture protects the contents of your vault. It doesn’t protect everything. The metadata, the architecture choices outside the vault, the backup practices, the incident response — these matter just as much as the encryption algorithm on the passwords themselves.


What Separates a Trustworthy Password Manager From a Risky One

The marketing language around password managers has converged around a few phrases — zero-knowledge, AES-256, end-to-end encrypted — to the point where distinguishing options based on stated security properties alone is nearly impossible. Every major password manager claims all of these. The differentiators are elsewhere.

Independent security audits that are published, not just completed, tell you whether a company is transparent about what gets found and fixed. 1Password, Bitwarden, and Dashlane all publish annual third-party audit results. Publishing the audit is more meaningful than having one — it signals that the company is comfortable with external scrutiny rather than using the audit primarily as a marketing claim.

Breach history is the most direct signal available. No major password manager is guaranteed immune to breaches, but how a company responds to one reveals whether its security architecture was actually adequate. LastPass's cascading disclosures, each revision revealing additional compromised data, indicate that the architecture allowed far more to be exposed than a well-designed system should permit. Data that was never supposed to be stealable should not have been sitting where it could be stolen.

Open-source code is a meaningful differentiator for users with the inclination to evaluate it. Bitwarden publishes its full client and server code, meaning the security community can inspect exactly what the software does rather than relying on the company’s assertions. This doesn’t guarantee security — audited proprietary code can be secure, and open-source code can have vulnerabilities — but it changes the trust basis from “believe us” to “verify it yourself.”

The master password’s relationship to the vault encryption matters in the architecture details. 1Password uses a “Secret Key” — a 128-bit key generated on your device at account creation, required alongside the master password to decrypt the vault. This means that even if someone obtains your master password through phishing or database exposure, they cannot decrypt your vault without also having the physical device where the Secret Key was generated. This is a structural defense against the most common attack vector against password managers.
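The following is an added Python sketch (not 1Password's actual scheme or code; the function names and the HMAC-based mixing step are simplifications chosen for illustration) of why a device-held Secret Key defeats an attacker who has obtained the master password and the server-side record:

```python
import hashlib
import hmac
import secrets

# Added illustration, not 1Password's actual scheme or code: a vault key that
# can only be derived from BOTH the memorised master password and a 128-bit
# Secret Key generated on the device. Function names are hypothetical.

def generate_secret_key() -> bytes:
    """128-bit Secret Key created on the device at account creation and never
    sent to the server."""
    return secrets.token_bytes(16)

def derive_vault_key(master_password: str, secret_key: bytes, salt: bytes,
                     iterations: int = 200_000) -> bytes:
    # Stretch the human-chosen password so every offline guess is expensive.
    pw_key = hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                                 salt, iterations, dklen=32)
    # Bind the stretched password to the Secret Key. An attacker holding the
    # password, the salt and pw_key still cannot compute this HMAC without
    # the Secret Key, so a guessed password cannot even be checked.
    return hmac.new(secret_key, pw_key, hashlib.sha256).digest()

def make_verifier(vault_key: bytes) -> bytes:
    """What the server keeps to confirm an unlock; it is not the vault key."""
    return hashlib.sha256(b"unlock-verifier|" + vault_key).digest()

def unlock(master_password: str, secret_key: bytes, salt: bytes,
           verifier: bytes, iterations: int = 200_000) -> bool:
    """True only when password AND Secret Key reproduce the stored verifier."""
    candidate = make_verifier(derive_vault_key(master_password, secret_key,
                                               salt, iterations))
    return hmac.compare_digest(candidate, verifier)

def breach_scenario(master_password: str = "correct-horse-battery-staple"):
    """Model a phished password plus a stolen server record (salt + verifier).
    Returns (legitimate_user_unlocks, attacker_without_secret_key_unlocks)."""
    secret_key = generate_secret_key()          # lives on the user's device
    salt = secrets.token_bytes(16)              # stored server-side
    verifier = make_verifier(derive_vault_key(master_password, secret_key, salt))
    # Attacker knows the password and has the server record, but would have to
    # guess the 128-bit Secret Key: 2**128 possibilities, not a dictionary.
    attacker_guess_key = secrets.token_bytes(16)
    return (unlock(master_password, secret_key, salt, verifier),
            unlock(master_password, attacker_guess_key, salt, verifier))
```

The defensive lesson is that a server breach plus a phished password yields nothing checkable offline, because the verifier depends on a secret the server never held.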


The Options Worth Using

Bitwarden is the default recommendation for most people, and the reason is the combination of open-source transparency, a genuinely functional free tier with no device limits, and a track record without major incidents. The premium tier at $10 per year adds TOTP generation, emergency access, and encrypted file storage. The family plan covers six people for $40 annually. The interface is functional rather than polished — more utilitarian than 1Password — but the security model is sound and the price-to-value ratio is exceptional. For privacy-focused users who want maximum control, Bitwarden supports self-hosting, meaning you can run your own instance of the server on hardware you control and never trust any cloud service with your vault.

1Password is the better choice for users who want a more refined experience and specific features that Bitwarden doesn’t offer. The Secret Key architecture provides a meaningful additional security layer. Travel Mode — which temporarily hides designated vaults when crossing borders, preventing device inspection from revealing sensitive accounts — is a capability that has no equivalent elsewhere. Watchtower monitors stored credentials against breach databases and flags weak, reused, or compromised passwords. The interface is genuinely well-designed and works consistently across platforms. At $36 per year for individuals and $60 for families of five, it costs more than Bitwarden but remains cheap relative to the financial privacy value of not having accounts compromised.


Dashlane is defensible primarily for users who want dark web monitoring tightly integrated with password management and don’t want to manage separate subscriptions. The monitoring scans breach databases for your email addresses and alerts when your credentials appear. The bundled VPN is basic relative to dedicated VPN services but functional for casual use. At $60 per year for the premium tier, it’s the most expensive individual option in the category.

Keeper is designed for enterprise and compliance-sensitive environments — SOC 2 certified, HIPAA-ready, with the audit trail and user management features that businesses under regulatory requirements need. For individual personal use it’s overkill. For a business in healthcare, finance, or legal services where compliance documentation matters, the certification infrastructure justifies the cost.

NordPass is the simplest option from a UX standpoint, built by the team behind NordVPN. The XChaCha20 encryption is cryptographically equivalent to AES-256 — not weaker, just different — and the Argon2 key derivation is actually stronger than the PBKDF2 used by some competitors. The free tier is restricted to a single device, which limits its utility for anyone with a phone and a laptop. The premium tier at roughly $18 per year is the cheapest paid option among the credible choices.


The Browser-Based Option Question

Chrome’s built-in password manager, iCloud Keychain, and Edge’s password storage are used by the majority of people who store passwords digitally at all, and the honest assessment is more nuanced than “don’t use them.”

iCloud Keychain uses genuine end-to-end encryption on Apple devices and has been independently scrutinized as a reasonably secure option within the Apple ecosystem. The limitation is the ecosystem constraint — it doesn’t work cross-platform, and if you have any Android device, Windows machine, or non-Apple browser, the integration breaks down. For someone living entirely within Apple hardware, it’s an acceptable baseline.

Chrome and Edge password storage are more problematic. The passwords sync to Google and Microsoft servers respectively, and while both companies claim strong encryption, neither operates with the same zero-knowledge architecture that dedicated password managers provide. The companies can theoretically access your passwords in a way that 1Password or Bitwarden cannot. For most users this is a manageable risk; for anyone who is a target for sophisticated attacks or who has high-value accounts worth protecting, it’s a meaningful distinction.

The most common failure mode of browser-based password storage isn’t the architecture — it’s the password generation. Browser managers will autofill existing passwords readily but are less aggressive about prompting you to generate new unique passwords when creating accounts. The result is that people who rely on browser storage tend to accumulate accounts with reused or weak passwords rather than systematically upgrading to unique strong ones.


The Master Password Is the One You Have to Get Right

Every password in your vault is protected by the quality of one password. Getting that one wrong undermines everything else.

The diceware method produces master passwords that are both memorizable and genuinely strong: roll a physical die six times, look up the resulting numbers in a word list, produce a passphrase of six random words. “correct-horse-battery-staple” is the canonical example — four common words strung together produce roughly 44 bits of entropy, which is below typical guidance. Six words produce approximately 77 bits, which is strong enough to be computationally infeasible to brute-force with current and near-future hardware. Adding a number and a symbol extends it further.
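An added Python illustration of the diceware lookup and the entropy figures quoted above (this is not the author's code). It assumes the standard Diceware list size of 7776 words, where each word is indexed by five dice faces; WORD_LIST here is a constructed stand-in, not a real word list.

```python
import math
import secrets

# Added illustration of diceware. WORD_LIST is a constructed stand-in with
# 7776 synthetic entries (the standard Diceware list size); a real list maps
# each five-roll string such as "36514" to a common word.
LIST_SIZE = 6 ** 5                                        # 7776 outcomes
WORD_LIST = [f"word{i:04d}" for i in range(LIST_SIZE)]   # constructed sample

def rolls_to_index(rolls: str) -> int:
    """Treat five dice faces (1-6) as a base-6 number, e.g. '11111' -> 0."""
    if len(rolls) != 5 or any(c not in "123456" for c in rolls):
        raise ValueError(f"need exactly five dice faces, got {rolls!r}")
    index = 0
    for face in rolls:
        index = index * 6 + (int(face) - 1)
    return index

def passphrase_from_rolls(rolls: list[str], word_list=WORD_LIST,
                          sep: str = "-") -> str:
    """Look up words for physical dice rolls recorded as five-digit strings."""
    return sep.join(word_list[rolls_to_index(r)] for r in rolls)

def roll_five_dice() -> str:
    """Software dice using the OS CSPRNG; physical dice are the gold standard."""
    return "".join(str(secrets.randbelow(6) + 1) for _ in range(5))

def generate_passphrase(words: int = 6, word_list=WORD_LIST) -> str:
    return passphrase_from_rolls([roll_five_dice() for _ in range(words)],
                                 word_list)

def entropy_bits(words: int, list_size: int = LIST_SIZE) -> float:
    """Entropy of `words` words drawn uniformly from a list of list_size."""
    return words * math.log2(list_size)

def years_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Worst-case time to try every passphrase at a given guess rate."""
    return (2 ** bits) / guesses_per_second / (365.25 * 24 * 3600)
```

Run entropy_bits(4, 2048) and entropy_bits(6) to reproduce the 44-bit and 77-bit figures; years_to_exhaust(77.5, 1e10) shows why six words is considered infeasible at ten billion guesses per second.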

The master password should be memorized and written on paper stored somewhere physically secure — not in a digital file, not in another password manager, not photographed. The paper copy exists for account recovery if you ever forget it, not for regular reference.

Two-factor authentication on the password manager account itself adds the layer that matters most against remote attacks. If someone obtains your master password through phishing or data exposure elsewhere, 2FA on the password manager account prevents them from accessing the vault without also compromising your second factor. Hardware security keys — YubiKey is the most commonly recommended option — are the strongest second factor available, resistant to phishing in a way that authenticator app codes and SMS codes are not. Buying two and registering both (one primary, one backup stored securely) is the right approach.


Migration From LastPass or Browser Storage

The practical reality for anyone currently using LastPass is that the breach damage is done — if you had a weak master password, your vault may have already been cracked; if it was strong, the vault contents are likely still secure. Either way, continuing to use LastPass after its incident response credibility collapsed is not a reasonable position.

Export from any existing password manager produces a CSV file. Every major alternative — Bitwarden, 1Password, Dashlane — supports CSV import and provides direct import tools for LastPass specifically, which is the most common migration source. The export file contains all your passwords in plain text for the duration of the import process. Delete it immediately after verifying the import completed correctly. Leaving it on your hard drive defeats the purpose.

Browser password export follows the same pattern. Chrome exports a CSV through chrome://settings/passwords → three-dot menu → Export. Safari exports through System Preferences → Passwords → select all → export. Import those CSVs into your chosen password manager, verify the count looks right, then systematically disable autofill in the browser and clear the stored credentials from the browser’s native storage.

This migration is the most tedious hour you’ll spend on digital security. It’s also the one with the clearest before-and-after improvement: reused passwords stored in a vulnerable place replaced by unique generated passwords in an encrypted zero-knowledge vault. The biometric security risks post covers what comes after passwords — passkeys, biometric authentication, the tradeoffs in that shift. The password manager is the foundation that makes all of it coherent.

Syed


Hi, I’m Syed. I’ve spent twenty years inside global tech companies—including leadership roles at Amazon and Uber—building teams and watching the old playbooks fall apart in the AI era. The Global Frame is my attempt to write a new one.

I don’t chase trends—I look for the overlooked angles where careers and markets quietly shift. Sometimes that means betting on “boring” infrastructure, other times it means rethinking how we work entirely.

I’m not on social media. I’m offline by choice. I’d rather share stories and frameworks with readers who care enough to dig deeper. If you’re here, you’re one of them.
