kungfujoe Wrote: it has identified compromised accounts of mine that HIBP has not.
kungfujoe Wrote: The additional findings are a point in LastPass' favor
Not necessarily. I've noticed many false positives among sites LastPass marks as "compromised" and even among LastPass Sentry's results.
kungfujoe Wrote: hopefully LastPass' source will incorporate "Collection #1" data soon
That's not enough.
"Collection #1" is a combo list dump, meaning many entries there have unknown origins, just email/password pairs.
In this case, checking emails is useless, because an email may be associated with a hundred sites.
Checking passwords is what's needed, and LastPass doesn't provide any way to do that.
BTW, HIBP uses k-anonymity to check passwords, so it's quite secure.
kungfujoe Wrote: Troy's encouragement to use 1Password is a paid advertisement
Doesn't change the fact 1Password has integration with PwnedPasswords, allowing users to check against Collection #1 easily and securely.
But LastPass doesn't have anything similar, and support's reply indicates that they don't want to change their existing method.
I presume *this* is the main reason people are thinking of jumping ship, not Troy Hunt's recommendation.