As news of the LastPass compromise spreads, many users are wondering if using a password manager is smart (all your eggs in one basket protected by one password). Setup properly, the answer is an emphatic yes. The key is two factor authentication. LastPass allows you to enable two factor authentication, so even if your master password was compromised, the attackers still could not get in without your cellphone, Yubikey, etc. More importantly – you should have two factor authentication enabled on your primary email account as that can be used to reset most account passwords anyway.


Hackers broke into popular password manager LastPass this week, which raises some obvious questions: If the service you use to protect your passwords from getting compromised gets compromised, should you still use it? Is it really wise to store all our passwords in the cloud?