After looking into this more, I’m definitely planning on switching from lastpass, but I did wanna clarify a couple things first.
Between this blog post, and this forum thread linking to this other blog post, I’m under the impression that LP’s number of PBKDF2 iterations used isn’t a big deal as long as your master password is secure, and I feel like that’s always gonna need to be the case no matter how much we want the password manager to take over.
That said if the crux of your point is that they didn’t do ANYTHING to address customers’ eventual concerns to low PBKDF2 iterations, whether that be via notification or forced config update, then that seems fair.
After looking into this more, I’m definitely planning on switching from lastpass, but I did wanna clarify a couple things first.
Between this blog post, and this forum thread linking to this other blog post, I’m under the impression that LP’s number of PBKDF2 iterations used isn’t a big deal as long as your master password is secure, and I feel like that’s always gonna need to be the case no matter how much we want the password manager to take over.
That said if the crux of your point is that they didn’t do ANYTHING to address customers’ eventual concerns to low PBKDF2 iterations, whether that be via notification or forced config update, then that seems fair.