"I have discovered a phishing attack against LastPass that allows an attacker to steal a LastPass user's email, password, and even two-factor auth code, giving full access to all passwords and documents stored in LastPass. I call this attack LostPass. The code is available via Github. LostPass works because LastPass displays messages in the browser that attackers can fake. Users can't tell the difference between a fake LostPass message and the real thing because there is no difference. It's pixel-for-pixel the same notification and login screen", says Sean Cassidy, CTO, Praesidio.
SourceI finally dumped last pass, I am now copying and pasting my passwords. Even if that helps. What other alternatives do we have not as in password managers but as to login?