Please check out our Frequently Asked Questions, which includes lists of subreddits, webpages, books, and other articles of interest that every sysadmin should read!
For those that may not have seen it, since instead of a new post they “updated” the one from November…Looks like it’s even worse than they first let on- now not just LastPass, but a bunch of their other products. Oh, and encrypted backups from some of those services- *and an encryption key for some of said backups*
Steve Gibson did a really nice explanation of the breach in this and the earlier podcast https://twit.tv/shows/security-now/episodes/905?autostart=false
I will repeat what I tell people: Don't use Lastpass. There are multiple better choices that are easy enough to use and do not have a history of stupidity.
I recommend password managers that allow the end user to control the access keys so the company/storage provider never sees the real data in the first place.