So a fun thing that happens with LastPass is that a) it forces sites to reload and frequently breaks login pages, so that I have to disable the extension to log into my bank (for example). It also breaks its own site, so that I can't access my vault without reinstalling the extension and clearing my cookies/cache. Which WERE just annoying, but when I had the audacity to change my phone number meant that I couldn't access my vault to update it, then couldn't use the extension at all (because I couldn't do the 2FA). Support has been actively making it worse and asking for proof of account ownership that's either a) impossible (receipt for payment), b) deeply insecure and exploitable (a photo of my face + my ID by email), or c) frankly insane (enterprise/federal-level identity verification services). Heads up: do NOT send a photo of your face with your legal identification by email unless you REALLY want your identity stolen!

I personally didn't experience too many problems using LP for years. Although the forced-sign outs every so often + not being able to sign in on more than one device at a time was a big inconvenience. After all the security concerns, I decided to delete my account and switch password-managers.

Do a search on "LastPass breaches" to see the problem. Put simply, LastPass has demonstrated that its security infrastructure — both software and DevOps — is not robust enough to warrant trust.

Moreover, its management appears substantially more interested in minimising negative publicity than ensuring client safety. In short, LastPass cannot and should not be entrusted with your passwords. I used them for over a decade, but have now moved to the open-source BitWarden.

It was a suprisingly smooth transfer, apart from having to change all the passwords that LastPass's breaches compromised.

o.k.