It might be obvious that any LastPass users should want to migrate away from the service given the recent data breach they’ve had but it’s not that simple, especially when you’re fully in with the service. To put that in to context, I’ve been a user for about eight years, fully paid up with an annual plan that I share across the family; we’re all pretty heavy users and I had over 500 passwords stored in the service to give you some context.

My previous post looked at producing a C4 model for my (simple) website. This post takes that a step further and looks at how we can use C4 modelling to elicit security and privacy threats using two frameworks: STRIDE. Most people know STRIDE, it’s derived from the Microsoft security threat modelling process from the early 2000s and represents Spoofing, Tampering, Repudiation, Information leakage, Denial of service and Elevation of privilege. LINDDUN.