DDE_Server

Level 12
Verified
Password management service LastPass is currently going through a major outage as users are reporting being unable to log into their accounts and autofill passwords, with some users reporting issues going back for days.

User reports about login issues have been flooding Twitter, but also the company's forum, Reddit, and DownDetector. Users are reporting receiving the following error when trying to log in: "An error has occurred while contacting the LastPass server. Please try again later." Both home and enterprise users are impacted.

According to reports, LastPass' support staff has been either non-responsive, or denying reports of any technical issue happening at all. Despite issues being reported as far back as three days, the company has not updated its status page to reflect the incident, nor do they provided any type of explanation or useful help to their userbase.


"The fact that LastPass is denying on twitter that there is any outage when multiple people are reporting auth server issues and are locked out with no support response means that I have to walk," said one user on Reddit. "The worst part is not the outtage itself but their (lack of ) response. You gotta be able to trust your password manager and now I can't."

According to multiple user on Twitter [1, 2, 3, 4], the problems appear to impact only users with LastPass accounts dating to 2014, or prior.

On DownDetector, a company spokesperson said the company was still investigating the incident, stating that there are no glaring issues with its servers -- which suggests the roots of this outage might be in a software component.


"We are aware of and actively investigating reports from some LastPass customers who are experiencing issues and receiving errors when attempting to log in. At this time no service issues have been identified."

Contacted by ZDNet, the company described the outage as "an isolated issue with limited impact" and said that "engineers are working to resolve the issue."
 

shmu26

Level 84
Verified
Trusted
Content Creator
Lastpass had become insecure and quite shady everytime they got issues.
I shifted long time ago to Bitwarden and I'm fully happy to have done it.
I was using bitwarden until very recently, but then I discovered to my horror that they don't save old versions of passwords. That means if you mistakenly modify a password entry in bitwarden, you can't retrieve the correct password. But with LastPass, you can botch up the password entry and recover the the right one.

EDIT: I was mistaken. Bitwarden implemented password history about a year and a half ago, you just need to know where to look for it. See @matrixlord's post a little further down, for a screenshot.
 
Last edited:

Umbra

Level 25
Verified
I was using bitwarden until very recently, but then I discovered to my horror that they don't save old versions of passwords. That means if you mistakenly modify a password entry in bitwarden, you can't retrieve the correct password. But with LastPass, you can botch up the password entry and recover the the right one.
You shouldn't mistakenly replace it, because Bitwarden will ask you if you want to update the password or not. If you clicked happy then...
 

matrixlord

Level 2
I was using bitwarden until very recently, but then I discovered to my horror that they don't save old versions of passwords. That means if you mistakenly modify a password entry in bitwarden, you can't retrieve the correct password. But with LastPass, you can botch up the password entry and recover the the right one.
I hope im understand correct, Bitwarden store old passwords.

Annotation 2020-01-22 144725.png
 

redsworn

Level 3
Verified
Another reason cloud DBs with your passwords is not safe, you wanna keep such things local, main reason I use KeePass.
Username checks out! :D

But seriously though, can't agree more with you. I was a long time lastpass user and that realization hit me hard few years ago.
Can't remember exactly what eventually pushed me to migrate to KeePass but I never regret the decision. I tried to persuade my close friend to move over too but he sticks with LastPass.

I completely understand why people prefer using cloud based password manager. It's very convenient. But for me, being able to manage and having total control of your own password database is a bliss too!
 

shmu26

Level 84
Verified
Trusted
Content Creator
If LastPass got hacked somehow, they would have passwords from tens of millions of users, it would be a world-wide disaster and hit the news. The chances are next to zero that they would get money out of your bank account before you had a chance to change the password. The chances are much greater that you will get locked out of your own bank account by losing your password due to a user mistake or a computer disaster, because it wasn't backed up to the cloud.
 

blackice

Level 15
Verified
If LastPass got hacked somehow, they would have passwords from tens of millions of users, it would be a world-wide disaster and hit the news. The chances are next to zero that they would get money out of your bank account before you had a chance to change the password. The chances are much greater that you will get locked out of your own bank account by losing your password due to a user mistake or a computer disaster, because it wasn't backed up to the cloud.
I don’t think this one is a security issue. It was just a hiccup of an update for some users with older accounts. This type of thing happens with any large company. I think a lot of other password managers would have issues discovered if they were large enough and targeted more. Bitwarden has had issues before as well, even though it was bad programming on Chrome’s part.
 

shmu26

Level 84
Verified
Trusted
Content Creator
I don’t think this one is a security issue. It was just a hiccup of an update for some users with older accounts. This type of thing happens with any large company. I think a lot of other password managers would have issues discovered if they were large enough and targeted more. Bitwarden has had issues before as well, even though it was bad programming on Chrome’s part.
I have two bank accounts. Lastpass autofills Bank A but not Bank B.
Bitwarden autofills B but not A.
I complained to both.
Bitwarden told me much faster, and much more politely, the same answer as Lastpass gave: we can't see the problem and we can't help you.
 

blackice

Level 15
Verified
I have two bank accounts. Lastpass autofills Bank A but not Bank B.
Bitwarden autofills B but not A.
I complained to both.
Bitwarden told me much faster, and much more politely, the same answer as Lastpass gave: we can't see the problem and we can't help you.
Very interesting. I’ve not had lastpass issues, so I’ve never contacted customer service. I’ve also only seen it not auto fill once. I am, however, looking at alternatives with the buyout looming.
 

shmu26

Level 84
Verified
Trusted
Content Creator
Very interesting. I’ve not had lastpass issues, so I’ve never contacted customer service. I’ve also only seen it not auto fill once. I am, however, looking at alternatives with the buyout looming.
If I had a paid subscription from LastPass, I assume I would get better service than I did. But I am on the free version.
 

Azure

Level 25
Verified
Content Creator
I consider switching to Bitwarden. Do I have to manually copy one by one or is there a way to copy a whole database from Lastpass to Bitwarden?
You can transfer LastPass passwords to Bitwarden. But you have to be careful. Cause last time I did so there were some characters in Lastpass that didn't transfer correctly to Bitwarden. So the password ended up being a little wrong.
 

shmu26

Level 84
Verified
Trusted
Content Creator
I have two bank accounts. Lastpass autofills Bank A but not Bank B.
Bitwarden autofills B but not A.
I complained to both.
Bitwarden told me much faster, and much more politely, the same answer as Lastpass gave: we can't see the problem and we can't help you.
Lastpass is more secure for me, because it successfully autofills my bank site that has poor security. That's the one I don't want my password to be caught by my computer's clipboard. The bank site that Lastpass can't autofill is better: it will ask for two-factor authentication if someone attempts to transfer money from a different computer.