Export thread

  • Be sure to checkout “Tips & Tricks”
    Dear Guest Visitor → Once you register and log-in:

    This forum does not automatically send notices of new content. So if, for example, you would like to be notified by mail when Steve posts an update to his blog (or of any other specific activity anywhere else), you need to tell the system what to “Watch” for you. Please checkout the “Tips & Tricks” page for details about that... and other tips!

    /Steve.
  • Larger Font Styles
    Guest:

    Just a quick heads-up that I've implemented larger font variants of our forum's light and dark page styles. You can select the style of your choice by scrolling to the footer of any page here. This might be more comfortable (it is for me) for those with high-resolution displays where the standard fonts, while permitting a lot of text to fit on the screen, might be uncomfortably small.

    (You can permanently dismiss this notification with the “X” at the upper right.)

    /Steve.

LastPass changes will make free tier less useful

#1

P

PHolder


I remember when LastPass first started, you needed to be a paid user to have mobile access. Back then it was only $1/mo for the membership. They've been sold, and then sold again. It appears the new owners want more money for their investment.


#2

B

Bplayer

Most unfortunate. Of my limited usage 99% is on a PC and only 1% on my phone. Will find a workaround or alternative as I do not need to add another life-time subscription service.


#3

B

bertwin

Less useful? No, if you cannot share your passwords between your desktop and mobile devices, it makes the free plan completely useless.


#4

C

cyberman

Hmmm, which to choose; mobile or laptop. Rather, how about an alternative solution?

A key reason for using a 3rd party password manager is to allow credentials to be used across different devices. It would be one thing to begin charging new signups if they wish to use on mobile and PC, but to suddenly declare to existing users that they've one month to find an alternative solution, before being forced to pay to access a large array of credentials built up over the years on all their devices, feels like attempted extortion.

I was a premium user, but dropped down to free last year owing to being back on a tight student budget whilst studying for my masters. I won't be resuming my premium account after this. I know they're not asking a huge fee, but still, some of us do need to count every penny, and besides, it's the principle. Hardly the kind of behaviour that engenders trust in a company's business ethics.

In short: Screw 'em. I'm off.


#5

J

JimWilliamson

Of my limited usage 99% is on a PC and only 1% on my phone. Will find a workaround

Could one simply use a web browser on the mobile device to access the web site - not having the mobile app installed?


#6

Barry Wallis

Barry Wallis

Could one simply use a web browser on the mobile device to access the web site - not having the mobile app installed?
That seems like it would work (worst case is you set the browser to say it's a desktop rather than mobile).


#7

Barry Wallis

Barry Wallis

I am a libertarian-leaning capitalist. I've been using it for free for a long time (way before the initial purchase) but can't blame them for trying harder to monetize it. In fact, they are being generous to allow you to use it for free. I'm planning to pay since I think it is worth the price. If you want to move to another password manager (or manage them yourself), LastPass has an export to CSV option buried in the bowels of the menu system.


#8

E

eroc1990

That's disappointing to discover. I'm glad I decided to roll my own pw manager through Bitwarden. Looks like I've got some work to do to convert my parents' accounts over to that as well.


#9

E

eroc1990

Could one simply use a web browser on the mobile device to access the web site - not having the mobile app installed?
Depends on if they're detecting your device type when you try to log in. I'm curious if it'll lock you out if you try to log into the site from a mobile browser vs a desktop browser.


#10

B

bertwin

In fact, they are being generous to allow you to use it for free.
I would call it "Try a crippled version of the service for free". Moreover, it cripples the whole experience. Say you've ordered something online on your desktop and made an account there. Later, you want to use your phone to check the status of your items. You obviously wouldn't remember what password Lastpass made up for it, so you need to reset it with your email. (and let's hope you did not let Lastpass control your email password). Now you have a dumb easy-to-remember password for that service, and your desktop's Lastpass installation does not know about it, so logging in on your desktop doesn't work anymore.

It has become useless for your important accounts that you need to access from everywhere, and for your less-important accounts it's useless since you may have changed the password into something simpler when you weren't around your desktop. This defeats the whole purpose of their service and just adds a whole extra mess into the password-hell you already had.


#11

Barry Wallis

Barry Wallis

I would call it "Try a crippled version of the service for free". Moreover, it cripples the whole experience. Say you've ordered something online on your desktop and made an account there. Later, you want to use your phone to check the status of your items. You obviously wouldn't remember what password Lastpass made up for it, so you need to reset it with your email. (and let's hope you did not let Lastpass control your email password). Now you have a dumb easy-to-remember password for that service, and your desktop's Lastpass installation does not know about it, so logging in on your desktop doesn't work anymore.

It has become useless for your important accounts that you need to access from everywhere, and for your less-important accounts it's useless since you may have changed the password into something simpler when you weren't around your desktop. This defeats the whole purpose of their service and just adds a whole extra mess into the password-hell you already had.
My suggestion is that you don't use LastPass after the changes are implemented.


#12

B

bertwin

My suggestion is that you don't use LastPass after the changes are implemented.
Do you still think the free plan is useful?

For me, I don't use it anyway. But I was recommending it to people, which I cannot anymore.


#13

D

drwtsn32

I abandoned LastPass for Bitwarden over a year ago... no regrets....


#14

Barry Wallis

Barry Wallis

Do you still think the free plan is useful?

For me, I don't use it anyway. But I was recommending it to people, which I cannot anymore.
A use case for the free version is folks who only use mobile devices. That's not likely for the people on these forums but a lot of younger folks might find it useful.


#15

Mainframe

Mainframe

The one thing I wish LastPass had was a password history function. Let me track the last 5 passwords I used for a particular user id.


#16

JulioHM

JulioHM

LastPass is clearly hoping the new restrictions are enough to encourage people to upgrade to its Premium or Families tiers
I've been meaning to ditch LP for some opensource alternative. Thanks, LastPass! I do feel encouraged, now.


#17

Mainframe

Mainframe

Cannot wait to see what Leo/Steve will suggest as an alternative.


#18

D

dg1261

Looks like I've got some work to do to convert my parents' accounts over to that as well.
Looks like it shouldn't be too hard. Export their lastpass vault to a csv file, go to bitwarden.com and directly import it. Bitwarden understands the lastpass csv field labels. Seems to work fine for URLs/logins ... not sure how it would do for notes and other non-web miscellany (like Leo's passport, which he always brags about).


#19

E

eroc1990

Cannot wait to see what Leo/Steve will suggest as an alternative.
Ha I wasn't even thinking about that. It'd be interesting to hear that. They didn't happen to cover that on the most recent SN, did they? I wasn't able to tune in live.


#20

A

Argonot

These are the alternatives I’m considering:

Edits: Added the 1Password discount link and the respective security white papers.


#21

Lob

Lob

This should help, I am doing this now: Import Data from LastPass | Bitwarden Help & Support


#22

Greg S

Greg S

The one thing I wish LastPass had was a password history function. Let me track the last 5 passwords I used for a particular user id.

It does. There is a little button above the password labeled "Show Password History".

1613560496970.png


That will show you just that.

1613560563385.png


#23

B

Bplayer

The majority of my accounts/entries are used on my laptop, and only a few on my phone. The solution for now, until they close this loophole, is sharing sites and allowing passwords to be visible with a different account on the phone.


#24

M

MacNala2

It does. There is a little button above the password labeled "Show Password History".

View attachment 320

That will show you just that.

View attachment 321
At first I did not think LP did that and when I tried to use the button it did not appear. I have since found out that if you have never changed the password it only shows the current password no others are known so not displayed.


#25

J

JimWilliamson

`flipped over to Bitwarden. Interface is functional. I do like that the password generator is more accessible (via web and IOS) than what I found LastPass to offer (I had not jumped fully into LP's pool but what I had used of it I found the PW generator to be not easy to get to).


#26

H

HKPostOffice

So unbelievably disappointing... I've been using lastpass since it was first recommended by Steve. I was a paid member when it was $12pa to access the mobile app, then the price doubled and I went free.

What an infuriating tactic... suck people onto the free app and then make it a paid service 4x more than it was originally.

They are a sponsor of Security Now, so I wonder how how Leo will react to this terrible and mean change.


#27

P

PHolder

They are a sponsor of Security Now
Are not, and have not been since 2020. And probably will never be again, since they were taken over by investment bankers.


#28

D

drwtsn32

Are not, and have not been since 2020. And probably will never be again, since they were taken over by investment bankers.

So no longer recorded in the LastPass Studios? lol


#29

Lob

Lob

Both SN and Smashing Security are no longer sponsored by LastPass - it's clear now why that has changed.

I've dropped LP from my computer and mobile devices. It seems BW is similarly secure on face value and I actually quite like the interface.


#30

B

Bplayer

Ha I wasn't even thinking about that. It'd be interesting to hear that. They didn't happen to cover that on the most recent SN, did they? I wasn't able to tune in live.
Leo made one reference to LP, in passing, towards the end of the show, but that was it.


#31

Lob

Lob

LastPass said:
We're making some changes to LastPass Free
We love being a part of the security routines of more than 20 million users across the world. As our community continues to grow, we need to adapt our offerings to keep up with the constantly evolving digital world.

Beginning March 16, 2021, we will be introducing some changes to our LastPass Free experience, including how many device types free users will be able to use LastPass on (more details below).

Leading up to these changes, you can upgrade to Premium at a limited-time discounted rate of $2.25 per month, billed annually ($36 $27 /year).

What's changing in LastPass Free?
Beginning March 16, 2021, LastPass Free will include access on one device type of your choice. The first device you login with on or after March 16 will set your active device type.

If you choose computer as your device type, LastPass Free will work on all computers in your life:
• ALL desktop computers
• ALL laptop computers

If you choose mobile as your device type, LastPass Free will work on all mobile devices in your life:
• ALL mobile phones
• ALL tablets
• ALL smartwatches

For more information about this change, including how to select and change your active device type, check out our support page.
The email, for reference. It no longer meets my requirements and I don't want to rent this type of functionality. I would buy it but not rent.

For reference, I rent Office365, for example. I am not against it but this does not fit a model I like to rent.


#32

xox101

xox101

Another original $12 a year LastPass user here. I paid for quite a few years with the money coming straight out of my account then one year I noticed I was no longer a paid member. No email, no notice of any kind, just a demand for twice the amount. I stuck with LastPass Free simply because I was used to it but no more. So I spent a few hours last night setting up Bitwarden on my Synology NAS and I have to say it works extremely well. Only downside is the need to manually sync between devices but that should develop into a habit. I should stress that manually syncing is only needed if you want to self host Bitwarden. Using their servers syncing is as far as I can tell automatic. I have to say that Bitwarden is just as intuitive and easy to use as LastPass so I will be sticking with it. Now I just need to set it up on friends and family's machines and mobiles.

I do get the need for paid software though. If I decide to stop self hosting Bitwarden and choose to use their servers then I will most likely pay for it. Although I do wonder how long before Bitwarden goes the same way as LastPass.


#33

Mainframe

Mainframe

It does. There is a little button above the password labeled "Show Password History".

View attachment 320

That will show you just that.

View attachment 321
Thanks, but that is only on the web version. The Android App and Windows 10 App does not have that feature.


#34

H

HKPostOffice

Are not, and have not been since 2020. And probably will never be again, since they were taken over by investment bankers.
I must have heard their ad in the end of 2020. I'm still interested to hear Leo's view on the changes, as I can remember he wasn't against the last price doubling.

Seems I'll be moving to premium Bitwarden.


#35

A

Argonot

Something weird about Bitwarden is their Password Strength Testing Tool, according to it the password: D0g.............................................................................a3% would only take 7 days to crack. But, according to GRC's Password Haystack page and assuming one hundred trillion guesses per second, cracking that same password would take: 4.55 hundred million trillion trillion trillion trillion trillion trillion trillion trillion trillion trillion trillion centuries.


#36

D

drwtsn32

On that Bitwarden page they have a link which explains how their tool works. It tries to recognize patterns and lessens the cracking time estimate accordingly.


#37

R

Roger Rabbit

I installed BitWarden a couple of hours ago. Exported all my stuff from LP, and imported into BW.

There are some learning curves, but nothing that won't resolve in a day or so. I've deleted LP from everything now. I'm not going to sweat comparing how long different tools say it will take co crack something, I'll likely be dead and buried long before the half life of something like G2*R^fxjjjk4g@SPvVSSfJQ is compromised.


#38

B

Bplayer

In the recent episode of Windows Weekly, Paul Thurrott tore a strip off all the people complaining about this change in LP. His contention was the charge is only a couple of $$ per month and why would they expect to get this service for free. If they want free then use one of the basic facilities provided by your browser or OS. Leo and MJ agreed with him.
Many businesses offer a free version of their product to get as many customers using it with the expectation that many will convert to the paid version to get more features. Now they are trying to limit the free features offered. I started with LP way back when everything was free. Premium was introduced next for a very reasonable price, and I supported them. Maybe a year later the price doubled. No thank you, back to free.
Sure, they have a business to run, but the market is very competitive. A major discount at this point is not much of an incentive when facing many years of full price charges plus the inevitable price increases.


#39

StarvaldD

StarvaldD

During a pandemic when buisnesses are being forced to close, bad optics complaining about a few '$$ per month' when your job is sitting at home typing on a keyboard.


#40

M

marky1124

I have to say I'm extremely impressed with Bitwarden using their servers and getting automatic synchronisation across devices and browsers. I'm unlikely to bother going self-hosted but its great to know the option is there. Migrating from lastpass was painless, export then import. I had a few Secure Notes that were too long. There's a bit of a buried browser setting that turns on auto-fill (Settings -> Options -> Enable auto-fill on page load) which is apparently an experimental feature. From what I've seen on many different websites it works really well, better than lastpass. I don't see myself mourning the loss of lastpass, and Bitwardens yearly pricing of $10 is much more appropriate than lastpass at $36.



#42

R

Roger Rabbit

Went to LastPass site and closed/deleted my account which they say will wipe all my info from their system. No choice to take their word for it, or as SG says TNO.

As for paying for the service, it is not about the $$, but the concept of having my CC info scattered/stored on more and more sites from everyone that wants a subscription. Some are unavoidable, but I limit this to sites/services, etc. where there is no option. Between every media outlet that puts up a paywall, and things like lastpass, I choose not to scatter my CC info out there when it is not necessary.

I use the same concept as far as bill paying. Most companies/utilitis for my routine bills offer a "draft" service where they have access to my checking account or credit card info. I can accomplish the same convenience by using my credit union's billpay service, and schedule them so I don't have to do anything to pay them each month.

Plus it save the hassle of having to update card info when the card expires and you get a new card. Thats when you find out how many companies are holding your CC info.

Again back to TNO!


#43

H

HKPostOffice

In the recent episode of Windows Weekly, Paul Thurrott tore a strip off all the people complaining about this change in LP. His contention was the charge is only a couple of $$ per month and why would they expect to get this service for free. If they want free then use one of the basic facilities provided by your browser or OS. Leo and MJ agreed with him.
Seems like they want them back as a sponsor. Money talks.

It's disappointing they don't see though the tactic of making a paid feature free for a few years and then changing it back to paid. Trying to suck people in and force them to pay.

I just transferred all my stuff to Bitwarden, looking great so far.


#44

P

PHolder

It's disappointing they don't see though the tactic of making a paid feature free for a few years and then changing it back to paid. Trying to suck people in and force them to pay.
Umm.. this has to be one of the most common business practices in the online (and sometimes real) world. Have you not heard about the razor company that gives the razor away knowing you'll have to buy blades for a lifetime. There is absolutely nothing wrong with what LastPass did... you're not entitled to their services for free, and if you thought it would always stay free, you deluded yourself. There is no successful business that "makes it up in volume" on free.

You've found a solution that works for you at a price you like, then be happy about that and promote it... but don't beat up on LastPass for trying to make money. (I didn't start the thread to beat up on them, but to inform users they may need to change situation if they were impacted.)


#45

Barry Wallis

Barry Wallis

Umm.. this has to be one of the most common business practices in the online (and sometimes real) world. Have you not heard about the razor company that gives the razor away knowing you'll have to buy blades for a lifetime. There is absolutely nothing wrong with what LastPass did... you're not entitled to their services for free, and if you thought it would always stay free, you deluded yourself. There is no successful business that "makes it up in volume" on free.

You've found a solution that works for you at a price you like, then be happy about that and promote it... but don't beat up on LastPass for trying to make money. (I didn't start the thread to beat up on them, but to inform users they may need to change situation if they were impacted.)
Well said!


#46

R

Roger Rabbit

Umm.. this has to be one of the most common business practices in the online (and sometimes real) world. Have you not heard about the razor company that gives the razor away knowing you'll have to buy blades for a lifetime. There is absolutely nothing wrong with what LastPass did... you're not entitled to their services for free, and if you thought it would always stay free, you deluded yourself. There is no successful business that "makes it up in volume" on free.

You've found a solution that works for you at a price you like, then be happy about that and promote it... but don't beat up on LastPass for trying to make money. (I didn't start the thread to beat up on them, but to inform users they may need to change situation if they were impacted.)
And cheap inkjet printers that will milk you for ink cartridges. I suspect that they actually lose money on the hardware knowing they will recover it on the ink.

The most annoying was Quicken, which I have used from the DOS days. Then they started timebombing features, i.e. downloading from institutions. So for a while you paid for software that had timebombed features. And finially on to subscription by the year, for software installed on your computer. Of course they know that there really isn't an alternative. Yes, I know Mint and others are out there, but the learning curve is steep and functions missing. I used Mint for weeks in an attempt to leave Quicken, and still far too many issues and omissions and limitations.

But with LastPass, there are very workable alternatives. I invested a couple of hours in moving and learning to move from LP to BitWarden, and that task is done.


#47

Barry Wallis

Barry Wallis

@Roger Rabbit That is exactly how the free market works. I use HP's monthly ink subscription because it is cost effective for me.


#48

xox101

xox101

Umm.. this has to be one of the most common business practices in the online (and sometimes real) world. Have you not heard about the razor company that gives the razor away knowing you'll have to buy blades for a lifetime. There is absolutely nothing wrong with what LastPass did... you're not entitled to their services for free, and if you thought it would always stay free, you deluded yourself. There is no successful business that "makes it up in volume" on free.

You've found a solution that works for you at a price you like, then be happy about that and promote it... but don't beat up on LastPass for trying to make money. (I didn't start the thread to beat up on them, but to inform users they may need to change situation if they were impacted.)
I was a paid LastPass user until they (LastPass) cancelled my subscription which had been running for a few years and then demanded twice the price while continuing to offer the same for free. Note, I knew I could get the same service for free but I choose to pay even though I was only using the basic functionality available which was a password manager across different devices. No family, no storage, no premium features. I had also promoted LastPass to numerous friends, family and business clients. I have no problem with a software company or developer making money from their product but do have a problem when the making money bit becomes more important than the serving your customers bit which is what happened a few years ago with the price doubling and which is what I suspect is happening again now. Hence my reason to move to Bitwarden.

Incidentally, anyone that has moved away from LastPass, make sure and take a copy of your usernames and passwords from LastPass and then delete your account and info.


#49

rfrazier

rfrazier

I skimmed over the messages here but didn't read every one. Let's be honest, running something like LastPass CORRECTLY for millions of users takes a large investment in knowledge, talent, and infrastructure. I don't expect it for free. I gladly pay the fee for value received. And, I'm OK with them making a profit. Imagine that. If they cease to exist, I have to find a way to store over 100 passwords I can't possibly remember or type on multiple different platforms. That makes my life much harder.

Having said that, the price is starting to get a little high. It's not that I cannot afford $ 3 / mo. It's $ 36 / year for that, and $ 80 / year for VPN, and $ 100 a year for WordFence security for my website, and $ 48 per year for Pandora, and $ 180 / year for Audible, and $ 144 / year for Humble Bundle Games, and so on. So, every little thing adds up after a while.

But, if there's anything I use that's probably worth $ 3 / mo, it's probably LastPass. For the moment, it's an easy choice. It's harder psychologically to pay the full year at once.

May your bits be stable and your interfaces be fast. :cool: Ron


#50

iSecurityGuru

iSecurityGuru

Or you can also use KeePass.

For those who wants cloud sync, you can put your .kdbx file in a cloud storage. All your devices/computers will get the password database from the cloud storage.

It is multiplatform.
  • Windows- use the original KeePass from the website
  • iOS/iPadOS/macOS- use KyPass (pay once and use forever. But separate payment for macOS and iOS/iPadOS. No subscription)
  • iOS/iPadOS/macOS- use StrongBox. Freemium model. Or you can pay outright separately for macOS and iOS/iPadOS. But more expensive than KyPass. No subscription)
I'm not familiar with Android KeePass client, but when I had Android, I used KeePassDroid.


#51

Mainframe

Mainframe

I skimmed over the messages here but didn't read every one. Let's be honest, running something like LastPass CORRECTLY for millions of users takes a large investment in knowledge, talent, and infrastructure. I don't expect it for free. I gladly pay the fee for value received. And, I'm OK with them making a profit. Imagine that. If they cease to exist, I have to find a way to store over 100 passwords I can't possibly remember or type on multiple different platforms. That makes my life much harder.

Having said that, the price is starting to get a little high. It's not that I cannot afford $ 3 / mo. It's $ 36 / year for that, and $ 80 / year for VPN, and $ 100 a year for WordFence security for my website, and $ 48 per year for Pandora, and $ 180 / year for Audible, and $ 144 / year for Humble Bundle Games, and so on. So, every little thing adds up after a while.

But, if there's anything I use that's probably worth $ 3 / mo, it's probably LastPass. For the moment, it's an easy choice. It's harder psychologically to pay the full year at once.

May your bits be stable and your interfaces be fast. :cool: Ron
I agree with what you are saying. We (as consumers) are being "nickeled and dimed" to death. So, we something for free now and then, big deal! Big bucks, Paul Thurrott probably gets a lot of stuff for free via sponsorship. Most of us have budgets and bills that need to be payed every month. There are lots of things, I would love to get paid subscriptions for, but I don't have unlimited funds.

Many tech companies take advantage of the "Bait and Switch" model. Offer services for free, then take away those services for free unless you start paying $$$ monthly.


#52

Barry Wallis

Barry Wallis

Paul Thurrott probably gets a lot of stuff for free via sponsorship
What makes you think this? Paul certainly gets some things to review but he generally needs to return them. Lots of items he reviews he buys himself and sends back during the return period. He buys the subscription services he reviews and cancels them if he doesn't need them.


#53

trolley

trolley

Tangentially related to this, an article on The Verge today details how the LastPass Android app has 7 trackers included, more than any of other password managers listed in the article: https://www.theverge.com/2021/2/26/22302709/lastpass-android-app-trackers-security-research-privacy


#54

A

AlanD

Similar article on The Register


#55

R

Roger Rabbit

@Roger Rabbit That is exactly how the free market works. I use HP's monthly ink subscription because it is cost effective for me.
My HP was out of date, drivers were becoming a challenge to install on Win 10, and time for a replacement Why I chose the Brother INKvestment Tank printer. Also, the features/function of the printer were inline with what I need.


#56

R

Roger Rabbit

I'm 5 days post LastPass and converting to BitWarden. Now with routine usage I'm quite happy with BW. Functions a bit different but is much less temperamental than LP, and I much prefer the Android version vs. LP.


#57

MichaelRSorg

MichaelRSorg

Similar article on The Register
This was a great article and a great find by the researcher. I love the quote "...the presence of the trackers demonstrates a suboptimal attitude to security". No kidding. This is important, because without access to the source code, the use of trackers gives us a look at the corporate mindset.

That said, I am prejudiced against password managers

Not that they are wrong all time for everyone, but mostly because they are over-sold. For so many people, other schemes/approaches make more sense. In the blog I suggest a formula for sort-of kind-of generating passwords, but the big issue is to be flexible when it comes to managing passwords. And, all passwords are not the same. They vary drastically in importance. And, ease of use always means less security. Always.


#58

S

SamGreenwood

@Steve what do you think about this?
Similar article on The Register


#59

Mainframe

Mainframe

LP is one of @Steve and @leolaporte major sponsors. They will just ignore this issue until it goes away.


#60

P

PHolder

major sponsors
LastPass no longer sponsors the TWiT network, and hasn't since the end of 2020. And even when they were a sponsor, I don't think @Steve would ignore a security or privacy issue, that's just not his role.


#61

P

PHolder

It's worth noting at the end of the article how to opt out of the analytics. Bring up your vault (the web page, not the toolbar icon or client app) and note the "Show Advanced Settings" is a button on the bottom of the screen:
All LastPass users, regardless of browser or device, are given the option to opt-out of these analytics in their LastPass Privacy Settings, located in their account here: Account Settings > Show Advanced Settings > Privacy

Here's some pictures of how to do it from the app icon in Firefox, but I assume it is similar for other platforms/methods:


PHolder2021Feb27_LastPassVaultInMenu.png



PHolder2021Feb27_LastPassVaultAccountSettings.png



PHolder2021Feb27_LastPassVaultShowAdvancedSettings.png



PHolder2021Feb27_LastPassVaultAccountSettingsPrivacySection.png


#62

rfrazier

rfrazier

I checked the settings in my account. The options and the help say the following:

(checkbox) Keep track of login and form fill history.

- Maintain a history of your website logins and form fills. When disabled, History and Recent Sites will be empty on the vault and extension, respectively.

(checkbox) Send anonymous error reporting data to help improve LastPass.

- Anonymous data is aggregated but not shared with third parties.

Regardless, I'm not worried about those options nor am I worried about the pricing. LP does what I need at a reasonable cost. Gonna keep using it for now.

May your bits be stable and your interfaces be fast. :cool: Ron


#63

R

Roger Rabbit

We now know LastPass's Android app has 7 trackers imbeded.


LP has apparently made our data secure within the realm of lastpass. However, third party applications have failed.
  • LastPass's Android app was written by a third party, LogMeIn, Inc.
  • BitWarden's Android app is written by BitWarden, Inc.


#64

P

PHolder

LastPass's Android app was written by a third party, LogMeIn, Inc.
Wut? LogMeIn *IS* LastPass. They purchased them a couple years ago.


#65

Lob

Lob

I was going to actually update my contribution to this thread that the expectation with the change in functionality (choose mobile OR traditional device) does not make LastPass less secure. This news on the trackers however erodes that comfort.

Money is business appears greater than security is business......


#66

Philip

Philip

These are the alternatives I’m considering:

Edits: Added the 1Password discount link and the respective security white papers.
Security white papers will tell you the encryption has been implemented correctly, which is easy to do with Encryption 101. What is hard, in fact very hard, is making the browser integration secure. As regular listeners will recall, a couple of years ago Tavis Ormandy famously dreamt up an incredibly ingenious hack whilst taking a shower. Quite unlikely that a commercial security audit would have found that. So what it comes down to is that the most important consideration is how quickly and responsibly the vendor responds to vulnerability disclosures.


#67

D

dmot


I remember when LastPass first started, you needed to be a paid user to have mobile access. Back then it was only $1/mo for the membership. They've been sold, and then sold again. It appears the new owners want more money for their investment.

I remember this, then I paid for two or three years, up front, because I wanted mobile access. Shortly after that, they introduced mobile access to the free plan.


#68

D

DanielB

I chose LastPass years ago after looking at many others. I chose it then had my choice confirmed when Steve endorsed it sometime later. I have finally abandoned Lastpass. Once LogMeIn bought them, it was all downhill. Lastpass has gotten more buggy and much slower. And forget support! Lastpass support used to be excellent, for those of us lucky enough to have worked with Amber Gott. Count the number of support people from your past who were so good that you remember their name! Now Lastpass support tries to wear you down by requesting redundant details and talking down to you as though you are using a computer for the first time. I have switched to iPassword which actually costs the same for the family version. But, their support is what Lastpass used to be! There is even an Amber there. I checked, not the same Amber but she's just as good. There are some features missing in 1Password but it's also much faster. One of the missing features has already been added since I switched, respecting already completed fields when populating a form. Another one is that Lastpass search would search most fields, including notes. 1Password seems to ignore notes and some other fields. I will check with support on that one. I also just got too annoyed with Lastpass demanding a CC number to be on the account for "security" purposes. Who's security, theirs or mine? When I asked for justification of how they could triple the price over three years, their answer was essentially because we can. Here's the actual text from their response: "We've done a series of updates to the platform to improve it for our users, from users on the free mobile platform to our high end enterprise users. Premium has also seen a number of updates to improve the stability, and usability of the platform. We also have plans in place to massively improve the service for 2020. LastPass has improved dramatically since 2015, and we believe the $12 or $24 annual subscription no longer fits this platform." Improved dramatically? Where? How? My answer is that Lastpass no longer fits my platform. Bye-bye Lastpass.


#69

ipsfr

ipsfr

For those of you, or rather of us, who find surprising insight and beauty in the work of Dan Ariely the following will not be a surprise. In 2007 he wrote a paper a about the distortions that arise from pricing things at zero. Free stuff. Read it here: http://web.mit.edu/ariely/www/MIT/Papers/zero.pdf. The ability to get something for nothing leads us to exaggerate the benefits of the product, and to choose free things over things that cost actual money in an irrational way. I wonder if this is what is going on right now with LastPass free tier. I include myself in the ranks of the irrational, by the way, because knowing that these mechanisms exist doesn't mean that we can't enjoy them. :)

Anyway, I was also a premium user who abandoned it when the same advantages that I didn't in any case use became available in the free version. I too saw the takeover by LogMeIn Hamachi as the beginning of the end. And yet... and yet LastPass remains very slick in use. I'm not about to pay the new rates, because I found $12 annually was reasonable, so I might yet migrate to something else. This might be the tipping point.

The takeway here is that we humans are easily manipulated. Very easily. Go read Dan Ariely's paper, and find enlightenment. Marvel at the off-the-wall experiments and the weird things they reveal about the human condition. He makes some extremely valid points.


#70

Dave

Dave

For those of you, or rather of us, who find surprising insight and beauty in the work of Dan Ariely the following will not be a surprise. In 2007 he wrote a paper a about the distortions that arise from pricing things at zero. Free stuff. Read it here: http://web.mit.edu/ariely/www/MIT/Papers/zero.pdf. The ability to get something for nothing leads us to exaggerate the benefits of the product, and to choose free things over things that cost actual money in an irrational way. I wonder if this is what is going on right now with LastPass free tier. I include myself in the ranks of the irrational, by the way, because knowing that these mechanisms exist doesn't mean that we can't enjoy them. :)

Anyway, I was also a premium user who abandoned it when the same advantages that I didn't in any case use became available in the free version. I too saw the takeover by LogMeIn Hamachi as the beginning of the end. And yet... and yet LastPass remains very slick in use. I'm not about to pay the new rates, because I found $12 annually was reasonable, so I might yet migrate to something else. This might be the tipping point.

The takeway here is that we humans are easily manipulated. Very easily. Go read Dan Ariely's paper, and find enlightenment. Marvel at the off-the-wall experiments and the weird things they reveal about the human condition. He makes some extremely valid points.
Loved Dan Ariely's Predictably Irrational!


#71

P

PHolder

distortions that arise from pricing things at zero
Does it make this seem ironic?
FreeWithCommitment.png


#72

ipsfr

ipsfr

I feel myself being drawn in again... Resistance is futile...


#73

Dave

Dave

Does it make this seem ironic?
LOL! Absolutely! Or at least until you note the "Free with trial". One of the things covered in that book is the whole "Try it in your home, risk free and at no cost to you, for 30 days." Which is predicated on the phenomenon that we ascribe additional value to something we "have" once we have it and perceive it as giving something up so we are reluctant to return it.

My daughter used to work for a DME (Durable Medical Equipment) Provider. Their biggest product/service is CPAP machines for sleep apnea. The machine is supposed to be used every night, Insurance company requires 70% "compliance" (used at least 4 hours per night for 70% of nights) to continue making payments on the machine. They would have patients who NEVER use it, yet they refuse to return "their" machine, even though their insurance company is refusing to pay for it because of "non-compliance".


#74

rfrazier

rfrazier

I also just got too annoyed with Lastpass demanding a CC number to be on the account for "security" purposes.
Just refuse. When I renew and they put me on "autorenew" which I don't like, I just go in and cancel it. I don't think they have my CC and I've not honored their request to add one. If I can I pay with PayPal but I don't remember if I could in this case.

May your bits be stable and your interfaces be fast. :cool: Ron


#75

D

DanielB

Just refuse. When I renew and they put me on "autorenew" which I don't like, I just go in and cancel it. I don't think they have my CC and I've not honored their request to add one. If I can I pay with PayPal but I don't remember if I could in this case.

May your bits be stable and your interfaces be fast. :cool: Ron
They did have my CC#. I deleted it a while ago. They nag you on every login. I don't need any more nagging in my life. Especially when it's for dubious purposes. I'm sticking with 1Password for now. I would rather switch all my logins to SQRL though!


#76

C

Cyber Axe

Cannot wait to see what Leo/Steve will suggest as an alternative.
Still waiting

Anyone else know of any good alternatives, preferably with the ability to import from lastpass, as transferring everything is going to be a nightmare.

Partially considering onepass just because it's supported by my corporate masters, and i think steve gave it an all clear a while back.


#77

D

DanielB

Still waiting

Anyone else know of any good alternatives, preferably with the ability to import from lastpass, as transferring everything is going to be a nightmare.

Partially considering onepass just because it's supported by my corporate masters, and i think steve gave it an all clear a while back.
Same here! As I recall Security Now was recorded in the Lastpass studio, right? Conflict of interest?


#78

C

Cyber Axe

Umm.. this has to be one of the most common business practices in the online (and sometimes real) world. Have you not heard about the razor company that gives the razor away knowing you'll have to buy blades for a lifetime. There is absolutely nothing wrong with what LastPass did... you're not entitled to their services for free, and if you thought it would always stay free, you deluded yourself. There is no successful business that "makes it up in volume" on free.

You've found a solution that works for you at a price you like, then be happy about that and promote it... but don't beat up on LastPass for trying to make money. (I didn't start the thread to beat up on them, but to inform users they may need to change situation if they were impacted.)
Yes but with razors you don get blades taken away after you've bought into that brand, lastpass gave certain services and then offered others for a price, now it's taking away the originally available free stuff to force you into becoming a premium member.


#79

P

PHolder

originally available free
You are not entitled to anything from them for free. They were nice enough to give you something for free in hopes you would enjoy it enough to elevate your membership to paid. They are now not being quite as nice. There is nothing new here... this is a perfectly common and valid business model. Just like a drug dealer... the first hit is free and you eventually will pay (one way or another in the case of drugs.)


#80

Barry Wallis

Barry Wallis

Yes but with razors you don get blades taken away after you've bought into that brand, lastpass gave certain services and then offered others for a price, now it's taking away the originally available free stuff to force you into becoming a premium member.
Yes, but if they are using proprietary blades, they can raise the price to whatever they want or even stop making the blades.


#81

C

Cyber Axe

You are not entitled to anything from them for free. They were nice enough to give you something for free in hopes you would enjoy it enough to elevate your membership to paid. They are now not being quite as nice. There is nothing new here... this is a perfectly common and valid business model. Just like a drug dealer... the first hit is free and you eventually will pay (one way or another in the case of drugs.)
The fact you are advocating for abhorant business practices just clarifies how wrong the whole thing is.


#82

Barry Wallis

Barry Wallis

Same here! As I recall Security Now was recorded in the Lastpass studio, right? Conflict of interest
The LastPass studio naming rights contract was only for a year. It ended last year and wasn't renewed.


#83

C

Cyber Axe

Looking into alternatives I came across this video
from november, I'm only 1 min in and the first thing it mentions was a last pass security issue, I dont remember it being mentioned on SN but I could be wrong.

It's been going downhill anyway, getting ever more buggier and not even respecting the option of not opening the vault when you login which is extremely annoying.


#84

C

Cyber Axe

Can't find any good free alternatives, but seriously considering paying for roboform everywhere, just need to find more info on it, so far security reviews and such have been positive and i seriously like it's features, especailly the way you can fill in app passwords on mobile devices without having to copy paste all the time which half the time reset the app you wanted to fill in when it switched over to lastpass.

The way lastpass has been progressing i'm not re-becoming a premium user.


#85

danlock

danlock

...Password Safe has a pwsafe keyboard on mobile devices so no copying and pasting is required. That was developed especially to prevent any sensitive info from going into the clipboard, and to prevent any other keyboards from tracking what you type. Just use that keyboard, unlock your database with your master password, select the appropriate entry, and then tap the field you want to enter the data into and tap a button such as [Username} or [Password] or whatever you want.


#86

P

PHolder

advocating
I am not advocating for LastPass. I am simply stating the obvious... they have a service you want, but you are unwilling to pay for. No business can give anything away for free without having a plan to monetize. LastPass apparently doesn't want to try the GMail option (thank goodness) so they are making changes to encourage more people to pay for the service--something that is well within their rights, as the creator of the service, to do. Instead of whining about them changing THEIR service in a way that doesn't please you, you should spend your time doing what you have been doing, deciding what is next FOR YOU.


#87

Greg S

Greg S

Anyone else know of any good alternatives, preferably with the ability to import from lastpass, as transferring everything is going to be a nightmare.

I recently moved from LastPass to 1Password and the migration was quite simple. I don't know why everyone here seems to be obsessed with Bitwarden. I have them both and find 1Password far better.


#88

C

Cyber Axe

I am not advocating for LastPass. I am simply stating the obvious... they have a service you want, but you are unwilling to pay for. No business can give anything away for free without having a plan to monetize. LastPass apparently doesn't want to try the GMail option (thank goodness) so they are making changes to encourage more people to pay for the service--something that is well within their rights, as the creator of the service, to do. Instead of whining about them changing THEIR service in a way that doesn't please you, you should spend your time doing what you have been doing, deciding what is next FOR YOU.
"LastPass apparently doesn't want to try the GMail option (thank goodness)", you obviosly haven't read the past post about who LogMeIns new owners are and what they do, if you think you're safe from info processing.


#89

owlig11

owlig11

Still waiting

Anyone else know of any good alternatives, preferably with the ability to import from lastpass, as transferring everything is going to be a nightmare.

Partially considering onepass just because it's supported by my corporate masters, and i think steve gave it an all clear a while back.
As others have mentionied, Bitwarden is a great option. The export from LP and import into BW was seamless, almost too easy! I am loving BW so far, equal if not better than LP.


#90

B

bertwin

SQRL would be a great option ...


#91

P

PHolder

SQRL would be a great option
No, not really.


#92

kwe

kwe

I switched from LastPass to KeePassXC on my Linux laptop. Works well enough and there are options for phone apps.


#93

Barry Wallis

Barry Wallis

I was thinking about this on my walk yesterday. It turns out that this migration from the free tier to other platforms was exactly LastPass' intent with this latest change. The people leaving LastPass would never convert to the paid tier and now they don't take up any LastPass resources. Especially interesting is that the free tier did not engender any good will towards the company.

This also validates @Steve's sales method for SpinRite (pay up front and get a refund if it doesn't work for you).


#94

Lob

Lob

I was thinking about this on my walk yesterday. It turns out that this migration from the free tier to other platforms was exactly LastPass' intent with this latest change. The people leaving LastPass would never convert to the paid tier and now they don't take up any LastPass resources. Especially interesting is that the free tier did not engender any good will towards the company.

This also validates @Steve's sales method for SpinRite (pay up front and get a refund if it doesn't work for you).
there is a workaround if you want to stay, slightly clunky and could lead to you being exploited.....you manually sync a mobile and desktop lastpass. It would not be that hard......you don't create passwords so often.

I am not against rent solutions but I look at O365 as a very good example that my family and I get Office, current, 1Tb storage each, Skype credits, Outlook.com for about $80 a year. That is a rent proposal that I find attractive.

The LP pricing compared to that is not attractive (and yes, I know it is housing my Crown Jewels but still......)


#95

Barry Wallis

Barry Wallis

@Lob: It all depends on what each solution is worth to you. I too have O365 (which is worth it to me just for the 1TB storage).


#96

B

bertwin

No, not really.
A man can dream


#97

Mainframe

Mainframe

Well, I made the jump to Bitwarden last week. So far, very impressed. I even signed up for the $12-$13 per year (I live in Canada).


#98

C

Cyber Axe

Well, I made the jump to Bitwarden last week. So far, very impressed. I even signed up for the $12-$13 per year (I live in Canada).
Looking into Bitwarden myself


#99

J

Janne Oksanen

This was the final push I needed to move away from LastPass. I've been a user for over 10 years and a paid user for the majority of that time. But last time my subscription ran out they didn't notify me. I only found out a couple months later after I started wondering why I'm no longer getting Yubikey prompts when I log in. They had disabled my 2nd factor authentication without telling me. That's when I figured they were no longer on top of things and stopped paying them. When this news hit I switched to Bitwarden and I'm extremely happy with it. The export/import procedure took less than 10 minutes and the plugin works much better than LastPass of late.


#100

P

PHolder

They had disabled my 2nd factor authentication without telling me.
Yeah, been there, done that. That was the point where I realized that the 2FA they offer is more of a show than a security. If you use a weak master password, you're hosed, because the Yubikey isn't really providing anything into the security if they can just turn it off on a whim.


#101

Lob

Lob

and it is with great interest that Bitwarden is now a sponsor on the Twit network, specifically Security Now :)


#102

H

HKPostOffice

and it is with great interest that Bitwarden is now a sponsor on the Twit network, specifically Security Now :)
It was great to hear that on the Podcast, also funny to hear Leo tiptoe around the "Other" password manager and how he's ditched it.

Good luck to Lastpass (Logmein), but I'm glad to be rid of that rollercoaster of a company.


#103

A

Adam_l

I made my switch to bitwarden yesterday. Export LP csv file and import into BW. Doesn't get any easier. Going to migrate all friends and family over.

I've watched my subs increase by 4x and it is simply no longer justifyable to pay that much as a user.


#104

kwe

kwe

I've been meaning to ditch LP for some opensource alternative. Thanks, LastPass! I do feel encouraged, now.
I switched to KeepassXC for Linux, but it doesn't have syncing or mobile, and it's buggy on the login fill. So I switched to Bitwarden free, which has multi-device syncing and mobile versions. It is also open source. You can run your own sync server, which will become necessary when Bitwarden is sold.


#105

P

PHolder

when Bitwarden is sold
Bitwarden is open source too. https://github.com/bitwarden


#106

Lob

Lob

Bitwarden free tier for personal use is for life, apparently. I am happy to use their platform for my blob of randomness, 500'000 rounds should be enough for now.


#107

Russell...

Russell...

Yeah, let's face it. It looks like LastPass have pulled an Evernote on its users!


#108

A

ablang

So it actually doesn't bother me (much) that I have to choose between only using it between PC & mobile since I've used it alongside another PW manager (LogMeOnce). I've decided I no longer need to use LP on mobile since I can just keep using LogMeOnce on mobile.

What bothers me now w/ using LP on PC is that LP has seemed to become useless now. It used to be able to do form-filling (like for entering sweepstakes and entering in my address) but now it doesn't seem to do that anymore. Has that feature been taken away in the FREE version too?


#109

P

PHolder

Has that feature been taken away
I don't use that feature, so I am unsure. Reading this page https://support.logmeininc.com/last...-experience-why-cant-i-find-my-form-fill-data it seems like maybe there is a some silly step you need to take to make it work [again].