LastPass' Free Tier Will Become a Lot Less Useful Next Month (theverge.com)
LastPass is adding new restrictions to its free subscription tier starting March 16th that'll only allow users to view and manage passwords on one category of devices: mobile or computer. From a report: Mobile users will be limited to iOS and Android phones, iPads, Android tablets, and smartwatches. Computer subscribers will be able to use their passwords from Windows, macOS, and Linux desktops and laptops, the LastPass browser extension, and Windows tablets. Users on LastPass' free tier will be asked to pick between the two options the first time they log in after March 16th, and the company says they'll be able to switch between categories up to three times after they've picked. Although customers are restricted to a single category of devices on the free tier, they'll still be able to view and manage passwords from an unlimited number of devices within either the mobile or computer category. LastPass says no users will be locked out of their accounts or lose access to their passwords as a result of the changes. As well as restricting its device types, LastPass is also changing the kinds of customer support free tier users will be able to access. From May 17th, free users will lose access to email support, the company announced.
Bait and switch (Score:5, Insightful)
The classic startup tactic. Give it away for free, hope people get hooked on it and then try to charge. Even if you lose 99% of your customers maybe the remaining 1% is enough.
Re: (Score:3)
Of course, 99% paying nothing but incurring a cost to provide service is usually not a sustainable business model. One should always be suspicious of a service being provided for free.
Re: (Score:3)
*and before anyone says "FOSS", a lot of that development is funded.
Just use KeePass (Score:5, Informative)
Problem sorted, LastPass can go burn.
Re: (Score:2)
When you host your own Bitwarden, is there a way to point their version of the mobile app to your private server? I'm trying to decide between running my own or paying them. I think I'm ready to get off LastPass.
Re: (Score:3)
It's not just storing your passfile. They also write the app and extensions to autofill the forms for me, which adds value. I could write those extensions/apps myself, but it would cost me more.
This is a common tactic when people want to say something isn't worth it - just trivialize what's being provided and artificially misrepresent the costs required to supply it. If you're not using anything other than the fact that it stores an encrypted file for you, then sure, you might have a point but the 'killer a
Re: Bait and switch (Score:3)
Maybe you are on to something here. Perhaps Last Pass should have separated the value add features, like filling in forms and handling local authentication. They could even enable it partially, only for one week a month in a free version, with a popup reminding people it's a free taste, and an option to disable the value add completely to avoid the popup. I'm sure there would be some usability things to work out, but it's possible.
That said, the purpose of limiting the free version is to convince people to
Gone with the Cloud (Score:3, Insightful)
Assume everything on the internet is transient. If it lasts, you got lucky; if not, don't be disappointed.
Gone with the slash. (Score:2)
Slashdot got lucky then. This is year what now?
Re: (Score:2)
Indeed! Slashdot is an exception to the rule. A lot of services and tools I used to use are long gone or morphed into corporate crap-holes.
Maybe in the year 2070 slashdot will still be around...and still not allow corrections nor handle Unicode correctly ;-)
Re: (Score:3, Interesting)
Even if you lose 99% of your customers maybe the remaining 1% is enough.
I was a paid premium user until last month, as I had paid it for several years back when the price was still a reasonable $1/month. Since my paid subscription ended I was wondering whether remaining as a LastPass free user was good enough, or if I should go through the trouble of moving to an alternative service since LastPass definitely isn't worth $3/month. I researched a few, and they were either in the same price range or even pricier (!). Inertia was still pulling me into remaining with LastPass, so th
Re: (Score:2)
Exactly this. I'm surprised at all the tech pros who make at least $40/hr complaining about $3/month in cost for software that gets supported across multiple platforms that they don't have to support themselves. Even with KeePass, you have to set up the infrastructure and go digging for ports for each device. And you somehow trust every one of these independent developers. If you really need the added security or it's a hobby, fine. But for folks with stuff to do, fighting this battle seems unnecessary.
Re: (Score:2)
Why would you not pay for the full version of a password manager application? From a cost/value perspective, it seems really dumb to assume perpetual password management on a "free" product.
And at this stage, if you haven't figured out the get-you-dependent-and-raise-prices business strategy of anything cloud based, maybe you ought to just turn off the internet and stay home. I'm not saying it's good, it's awful in many ways, but here we are.
Re: (Score:2)
I suppose because the service isn't worth $36/year?
Re: (Score:2)
Well as I pretty much said above, the majority has some kind of always-on connection. There's nothing from a technical standpoint keeping people from running a personal service, just like some do to get away from Gmail. I can even access my home network from my mobile so that's not left out. Problem is there's no complete solution out there (piecemeal maybe). Google print and voice both demonstrated with proper software support (built into printer and ATA) one could access a local resource from anywhere (mo
Re: (Score:2)
From a cost/value perspective, it seems really dumb to assume perpetual password management.
I think you could have just stopped your sentence there. The only real "perpetual password management" system is pen and paper and even that depends on you not losing the paper that the passwords are written on. 8^)
Re: (Score:2)
Not as much a condemnation as some of you think. All it basically says is that some don't know the value of what they need or want. How important is security? How important is it if you have to pay for it? Shouldn't the answer be the same to both?
Re: (Score:2)
Or... an inventive way to double the size of the user / account base. Since users will be restricted to either mobile or computer systems, why wouldn't they just pick one type for their existing account and then create a second account for the other type. Just like that, LastPass goes from having (say) 1M users to 2M users. Would look good on an investor report... /cynical
Re: (Score:2)
The classic startup tactic. Give it away for free, hope people get hooked on it and then try to charge.
Actually.. it sounds kind of more like going back to what they were before. When LastPass first started, they were free for use on PCs/Browsers.. the mobile app was only available to Premium Users.
In fact... I didn't realize they had made the mobile app available to Free users. Like wait... I prepaid up about 10 years of LastPass at about a $12 a year, only to have the benefit I paid for becom
Re:Bait and switch (Score:5, Insightful)
I have that with Keepass, which is free. Cloud support, browser integration, all of it. Best of all I fully control it.
Re: Bait and switch (Score:3)
Keepass (which is great and I use) does not have real cloud support. Sure you can keep your file stores on Dropbox or similar, but then opening/syncing on multiple devices takes extra steps on some systems (iOS), you have to remember to save and close the file on one device before opening on another (or risk data loss) and the browser extensions depend on having access to the file in the local file system.
These are minor hassles for the tech-savvy, but multiplied out across all your systems and it becomes a
Re: (Score:2)
Keepass (which is great and I use) does not have real cloud support.
Keepass 2 supports WebDAV natively. You don't need extra steps or syncing software. But if you want there are many plugins that add local file syncing natively in a non-blocking way for various cloud providers. None of this remembering to open/close.
Re:Bait and switch (Score:4, Insightful)
Someone is running the cloud.
Yeah, me. KeePass supports both file operations as well as WebDAV so you literally only need an internet connection, and if you don't have one there are plenty of free cloud providers with whom you can simply and easily move between by transferring your couple of kilobyte file. You're not beholden to any one service, not to any one cloud, and hell if you have a publicly routable IP you're not beholden to anyone other than your ISP period. And even if you were we were able to synchronise data between devices before clouds.
The only solution would be a BitTorrent-style synchronization
You're thinking too small.
Re: (Score:2, Interesting)
Only really a problem for the freetards
No, it's not the people who are looking for something free here that are dumb. It's the people who are relying on "password management as a service" at all that are being pretty dumb. In case it's not obvious, please feel free to lump yourself into that category.
Paying for someone else to manage your passwords for you doesn't make you smart. It makes you naive. Security questions aside for the moment, you should be very afraid because Lastpass isn't sustainable. Them changing their monetization policy
Re: (Score:2)
Keepass doesn't look very portable. Sure you can port Mono and then build it by the looks of it, a little too much work for a non-programmer who wants nothing to do with Microsoft.
Re: (Score:3)
That's why most of us actually use KeePassXC (or one of the myriad of other versions) which can be had for pretty much any platform you'd ever care about.
Re: (Score:2)
Yeah, I used KeePassX then moved to KeePassXC on my Linux systems. Android, I use Keepass2Android Offline and/or KeePassDroid, depending on my mood. Moving to sync them via my own infrastructure, ever so slowly. Using a free account on a certain popular cloud sync currently, but with the changes they've made over the years, I'd rather be ahead of, than behind, any new major change they make.
Re: (Score:2)
OK, thanks, that looks compilable depending on libgcrypt and possibly a couple of the other libraries I don't know.
Sell and prosper. (Score:2)
No, it's not the people who are looking for something free here that are dumb. It's the people who are relying on "password management as a service" at all that are being pretty dumb. In case it's not obvious, please feel free to lump yourself into that category.
You all should be glad people are using password managers PERIOD. Gone are the days of sticky notes everywhere, and "1234" as a password. Busting their chops because they aren't doing everything in-house is silly. No if you all were as smart as you think you were, you'd start selling a complete self-contained RaspberryPi solution that just needed to be plugged into a router. Everything from DDNS to iOS/Android apps. Ready to go.
I wish Lastpass users would go back to PostIts (Score:5, Insightful)
You all should be glad people are using password managers PERIOD. Gone are the days of sticky notes everywhere ... Busting their chops because they aren't doing everything in-house is silly
Sticky notes at least stay in the office where they are stuck. If I write down my password for PayPal on a sticky note and put it on my office monitor, it's still there the next day. If 3M goes out of business, or just decides that they don't like me, I don't lose access to that password. It's still there, faithfully, day after day after day. I don't have to worry that 3M is going to decide that I didn't pay enough for that sticky note and worry that they are going to monetize that sticky note differently and hold it for ransom unless I agree to pay monthly for the service of being able to look at what is written on it. I also don't have to worry about 3M deciding that what's written on that note is just too juicy to pass up and fear them using it themselves or giving or selling it to law enforcement, intelligence agencies, or anyone else they damn well please. With a sticky note, I get to choose exactly where it is placed and I can evaluate that threat model for myself. I don't have to wonder where 3M is going to move it to.
Lastpass is, in every single way, actually worse than writing it on a post it note. And the question isn't why am I busting someone's chops for not doing things in house but why aren't you. Every person that validates that terrible model is contributing to the problem.
Of course I would rather still that Lastpass users migrate to a real password management solution, but even PostIts are a step up from them.
Alternatives (Score:5, Informative)
Re: (Score:3)
+1 for Bitwarden. It works very well, and in my opinion the interface is significantly better than LastPass' (I use both, since we have LastPass Enterprise at work).
The OTP functionality works very well too. I will say that is much easier to set up (for a given site) on mobile than on the desktop, but once initialized it works equally well for both.
Re: (Score:2)
+1 for BitWarden - I switched from LastPass to BitWarden a bit over a year ago and have no regrets.
Confusing at best.. (Score:4, Interesting)
I use Lastpass across my devices. From reading the article, it seems to say that I have to choose either mobile, or PC. I have 3 times to switch back and forth. I won't lose access to my passwords?
If I have to choose and I only have 3 chances to get this right, what quits working?
Seems like someone had to take the time to code some sort of app killing logic into these. I've always been a fan of Lastpass, but they have lost me on this one. It's not that hard to move one's passwords to another password manager. I don't want to get caught passwordless, with them screwing around here.
I don't like confusion from something so important. I despise self imploding software.
--
If you can't convince them, confuse them. - Harry S Truman
Re: (Score:2)
If I have to choose and I only have 3 chances to get this right, what quits working?
Presumably, once you select "Computer" your LastPass app (iPhone and Android) stops allowing you to login into your account. Or, if you select "Mobile", your LastPass addons (Chrome and Firefox) stop allowing you to login into your account. In short, as a free user you'll need to opt for either the LastPass apps, or the LastPass addons, as you won't be able to use both.
Let's say you chose "apps" first. What you will be able to do three times is to change your choice three time: 1) apps to addons, at which p
Paper and pencil (Score:4, Insightful)
Paper and pencil. No hacker, no matter how skilled, can hack a piece of paper in your drawer.
And if they can "social engineer" you to give them your passwords, well, all the password managers in the world will be of no help to you anyway.
Re: (Score:2)
On the other hand, that paper could get lost or destroyed in a disaster and then you'd likely be locked out of many accounts.
Re:Paper and pencil (Score:4, Insightful)
I would rather depend on myself than some company on the other side of a continent.
Re: (Score:2)
Both Bitwarden & Keepass are open source, so you wouldn't be screwed in any of your scenarios.
Re:Paper and pencil (Score:4, Informative)
Paper and pencil. No hacker, no matter how skilled, can hack a piece of paper in your drawer.
https://www.youtube.com/c/lock... [youtube.com]
So you carry a paper folded up in your wallet (Score:2)
Or, in my case, a notebook. Seems suboptimal.
Re: (Score:3)
https://www.youtube.com/watch?... [youtube.com]
Re: (Score:2)
So you only ever need passwords from one place? Or do you carry that paper around with you (seems more than a little dangerous)?
Re: (Score:3)
a) How long of a string of random-generated characters can you retype with 100% accuracy?
b) What was your random number generator?
Not unexpected (Score:4, Insightful)
I had a premium subscription for a few years but let it lapse simply because there really was no difference between the versions. I knew this going in, and paid to support the application. However, while I am annoyed I will have to switch to a new setup, I cannot be mad at the company, it is a business not a non profit, and they need to make a profit. I suppose I could pay for premium again.. but under current conditions, my situation precludes doing that for now.
Thats nice (Score:2)
Re: (Score:2)
People complain about being socially engineered but the fact it even works shows people's true natures, and that is that they want something for either little effort (lotteries, sweepstakes), or nothing (email,security).
Re: (Score:2)
I think the more important thing when it comes to things that cost is there's some form of competition. And with some of the free things there is.
Re: (Score:2)
That is where I was torn. For the most part, I like the service. The only reason I didn't pay for it is because the basic functionality met my needs. I don't know why, $20/year seems reasonable, but $3/month just seems ridiculous. (I'm not saying that's right, that's just what my reaction was. Probably because it's on top of the other half-dozen $3-5/month subscriptions I'm already paying.) I'll likely just bite the bullet and pay them the $3/month.
No! Switch to Bitwarden, I just did from LastPass and it was all of five minutes to move everything over. Bitwarden imported everything perfectly including secure notes and folders. The only thing it doesn’t import were attachments. LastPass plug-ins have become buggy and awkward to use. In 5 minutes of using Bitwarden I felt stupid not to have switched sooner. Bitwarden is so much smoother and easier to use it’s like LastPass used to be before they were purchased by LogMeIn.
Re: (Score:2)
I pay $25/yr. for Schedules Direct for TV listings for MythTV. That is a bit high but there is a massive amount of data and automation involved.
Paying $3 for 1KB of passwords to sync back and forth is a bit high. $10-15 per year is way more reasonable - but this is now owned by LogMeIn. Providing cloud infrastructure and continual mobile app updates is worth something perpetual, but the asking price is way too high.
Password Safe (Score:3)
KeePass (Score:2)
No real reason, other than to provide another free open source and highly plugin-extensible alternative to Password Safe.
They do the same thing, but differ slightly in operation and interface.
affordable (Score:2)
I've been paying $2/month. Looks like it's now $3/month. Pretty affordable. The 'generate secure password' feature is so nice. I don't even know what my passwords are anymore, they are all different. Go ahead and xkcd me, hit me with that big wrench, I still can't tell you my password because I don't know it.
Re:affordable (Score:4, Funny)
HA! Jokes on you! He doesn't know his LastPass master password either!
Re: (Score:2)
That might involve beating my emergency contact with a wrench too.
I am their bitch, no way I have the energy to move (Score:2)
So I guess I am just gonna pay. I have a zillion passwords there and I need both mobile app and Windows browser access every day.
Re: (Score:2)
I'm pretty sure there's a simple way to export from LastPass and import into Bitwarden (or some other password manager).
Re: (Score:2)
Export to CSV is pretty easy, just a couple clicks (and reauthentication of course). Then you can import into another password manager just the same.
LastPass has had its share of problems (Score:3)
I used to be a LastPass user for quite some time, after it had come across as having a good reputation. I do remember several issues, though, which came up over time, an earlier one being a security breach. I stayed a customer, since I'm lazy and as I also was using their excellent XMarks bookmark sync service – which has long since been discontinued now. Much later, once it happened that their service wasn't reachable at a time when I really would have needed it. That made the decision for me – self-hosting another password keeping service. I might have chosen something based on KeePass which I had been using ages ago when 'cloud' was not even a word, but I finally decided to self-host a Bitwarden instance and since then I'm happy. LastPass-Bitwarden export-import was easy enough. The only little thing I'm missing is an ability to automatically fill HTTP basic authentication dialogs in the browser.
Not sure what I am missing. (Score:3)
Why would I trust this company to store my passwords?
Why isn't the free, in-browser password saving feature good enough?
Re: (Score:2)
- Your browser's password manager likely doesn't support OTP (two-factor auth).
- Your browser's password manager likely doesn't support secure notes.
One of the reasons I moved to Bitwarden - after using Apple's built-in Keychain for probably a decade - was Apple's half-assed approach to the Keychain on iOS. I use secure notes *a lot* - and, while Apple has offered that functionality forever, they *still* don't let you view secure notes on mobile devices.
With Bitwarden, LastPass, and others, you can see your
Re: (Score:2)
- Your browser's password manager likely doesn't support OTP (two-factor auth).
My company forces me to use that "SafeNet MobilePASS" application to generate a code used for two-factor auth to connect to the VPN.
How does LastPass help me?
Anyway if the browser supported that, wouldn't it make it a single-factor auth since both the password and OTP would be stored at the same place?
- Your browser's password manager likely doesn't support secure notes.
What is it, and what am I missing by not using it?
With Bitwarden, LastPass, and others, you can see your secure notes anywhere. Even better, you can attach a secure note directly to a password item - so, for example, your failsafe two-factor codes can be directly attached to your saved password (as can the associated two-factor token).
So, if someone breaks into that, not only does he get your password but your secure codes as well? What could possibly go wrong?
Re: (Score:2)
Some people use more than one device and multiple computers
Re: (Score:2)
The browser syncs passwords across devices. At least both Chrome and Firefox.
Re: (Score:2)
You say that like Google/Microsoft/Mozilla are for some reason more trustworthy?
Other reasons why a password manager is better: Store non-website passwords. Can hold more than just passwords. Works with (most) mobile apps. Grouping/Categorizing/Searching is better. Sync across all devices. Sync across all browsers. Sharing credentials (like service accounts). I'm sure there's more.
Re: (Score:2)
You say that like Google/Microsoft/Mozilla are for some reason more trustworthy?
Well I think they are, yes. If you don't trust them, I hope you are not visiting any HTTPS web site.
Other reasons why a password manager is better: Store non-website passwords. Can hold more than just passwords. Works with (most) mobile apps.
I don't see why I would want to store more than just passwords, can you elaborate on that?
Also Google seems to be able to save passwords in mobile apps as well. Those properly designed, anyways.
Grouping/Categorizing/Searching is better.
I have no problem searching in my browser. But the best thing is that you don't need it often. You just go to the web site.
Sync across all devices.
Same for in-browser password save feature.
Sync across all browsers.
So you have to install an extension in every browser?
Re: (Score:2)
I'm honestly asking questions here, with an open mind. When I ask "what's the advantage" and someone (two people, actually) replies "it syncs across devices", well they obviously don't know what they are talking about because the browsers already do that.
Re: (Score:2)
Yes, you're right, browsers sync across devices, assuming you're willing to stay signed in on Chrome. I don't use FF or Edge's built in password systems, so I don't know if/how they sync across devices.
You say that "properly designed apps" will use the passwords synced to Chrome/Android. Tell that to US bank. My personal experience is that there are a lot of "not properly designed apps".
Non-website-stuff I have in LastPass: My RDP passwords for work, my wife/kid's SS#, insurance policy numbers, drivers
Re: (Score:2)
You say that "properly designed apps" will use the passwords synced to Chrome/Android. Tell that to US bank. My personal experience is that there are a lot of "not properly designed apps".
Do these "not properly designed apps" work with LastPass? Is it automatic or do you need to open LastPass every time and enter the password manually (or at least copy)?
Because opening LastPass or my browser's saved passwords screen sounds similar to me.
Non-website-stuff I have in LastPass: My RDP passwords for work,
Does LastPass integrate with the RDP client? Or again you are just opening LastPass to check the password and enter it manually? And do you need to enter your LastPass password every time so you can check what is your RDP password?
my wife/kid's SS#, insurance policy numbers, drivers license numbers. Stuff that I don't need/use enough to memorize but I occasionally need when I'm not sitting at home.
Well I guess you could just save
Bye Bye, LastPass... was nice knowing ya.... (Score:3)
I was a long time user of this product, but I'm just not going to pay for yet ANOTHER subscription to continue using it. Not when there are so many other alternatives out there that don't require one.
I get the pricing model of charging for premium functionality. But the definition of premium should be features a single, typical user doesn't require. I can see paying for something like a whole family subscription, or for business/commercial use.
I already run my own NextCloud server on a FreeNAS so the comment about KeePassium supporting NextCloud really interests me. I think I'll play with that tonight.
Not worth premium (Score:2)
I know it doesn't sound like a lot, but I've already got too many software or content subscriptions to tack on another $3 per month.
I can't recall what features the "Premium" version used to offer, but I remember looking and not thinking I'd want them.
If they charged $0.25 to $0.50 per month for what the free version USED to offer then sure I'd be fine with that, but as it is I'll be looking for an alternative.
KeePassXC (Score:2)
I switched to KeePassXC from 1Password about a year ago.
It has its annoyances and imperfections, but it's free, open source, locally synced (no cloud) and runs fine on Linux, iOS, and the Firefox plugin is steady (although sometimes awkward).
Who uses LastPass? (Score:3)
Not only are your keys stored in the cloud, under the control of some third party who may, or may not, have access to your keys but, in addition, you have to pay for the privilege.
A combination of KeePassXC and Syncthing allows me to do exactly the same thing, with no third parties involved and nothing to pay to anyone. F**k you LastPass.
Re: (Score:2)
I do - or at least I did until this update. First of all, it was free, so that's handy. Second of all it's convenient - I don't have to pay for hosting or host and secure my own server to replicate what a third party is already doing better.
With this change, I'm not planning on setting up a server, I'm just going to find a different 3rd party service
Use Bitwarden (Score:2)
Bitwarden is similar to LastPass but it's open source, cheaper for hosted plans, and doesn't send your metadata to the server in the clear* like LastPass does.
There's even a Rust implementation of the Bitwarden server.
*transport is secure but LP isn't E2E for metadata
Buh bye, lastpass (Score:2)
Plenty of other options out there. So last pass can f$%^ right off.
Translation (Score:2)
Like WhatsApp -> Signal debacle, LastPass is promising to push its free customers to another application next month.
I only stayed so far due to inertia. They used to have a $10/year plan before being bought out by LogMeIn. First they hiked the price, so I went for free tier. Now they kill the free, I will go somewhere else.
That's fine with me. (Score:2)
I've used lastpass for a few years on the free tier. It's made managing my accounts and credentials much easier. It's been a very valuable service for me, and I don't have a problem with paying $30-40 a year or whatever for that service.
Logmein (Score:2)
They were bought by Logmein. What were we all expecting?
We use bitwarden at work now, so I’ll be porting out private LastPass over.
two accounts (Score:2)
nothing says you can't have two accounts, one for android and one for pc.
Re:Didn't LastPass get hacked & leak passwords (Score:5, Informative)
Even if the Lastpass Database was leaked, it's encrypted and requires the master password for each user to decrypt just that user's password DB.
Re: (Score:2)
I'm sure your txt file with a list of usernames and passwords is WAY more secure. Because we know you're not dumb enough to use the same username/password on every site, right?
It would be way more secure, simply by being located in some random folder on a machine inside his own house.