4.146.5 breaks all external webauthn integration: yubikey, titan keys, and mac touch id. Verified across linux and macos.

Update: Reverting back to 4.145.0 solved this issue.

The most recent version of Lastpass with passkeys has broken TouchID on MacOS. Lastpass trying to save passkeys results in an immediate "Unable to authenticate it looks like you canceled the passkey authentication process", because it is interfering with the MacOS touchID passkey process. Thus it is unusable on websites that I use TouchID on, and also locks up the browser, forcing me to force quit and restart it. Please issue a new update.

Sadly, the new versions are broken. The last working version is 4.138.3 (from January 2025). I hope LP takes care of the problems. Thankfully, the downgraded version works fine :)

So a fun thing that happens with LastPass is that a) it forces sites to reload and frequently breaks login pages, so that I have to disable the extension to log into my bank (for example). It also breaks its own site, so that I can't access my vault without reinstalling the extension and clearing my cookies/cache. Which WERE just annoying, but when I had the audacity to change my phone number meant that I couldn't access my vault to update it, then couldn't use the extension at all (because I couldn't do the 2FA). Support has been actively making it worse and asking for proof of account ownership that's either a) impossible (receipt for payment), b) deeply insecure and exploitable (a photo of my face + my ID by email), or c) frankly insane (enterprise/federal-level identity verification services). Heads up: do NOT send a photo of your face with your legal identification by email unless you REALLY want your identity stolen!

I personally didn't experience too many problems using LP for years. Although the forced-sign outs every so often + not being able to sign in on more than one device at a time was a big inconvenience. After all the security concerns, I decided to delete my account and switch password-managers.

Do a search on "LastPass breaches" to see the problem. Put simply, LastPass has demonstrated that its security infrastructure — both software and DevOps — is not robust enough to warrant trust.

Moreover, its management appears substantially more interested in minimising negative publicity than ensuring client safety. In short, LastPass cannot and should not be entrusted with your passwords. I used them for over a decade, but have now moved to the open-source BitWarden.

It was a suprisingly smooth transfer, apart from having to change all the passwords that LastPass's breaches compromised.