LastPass to be spun out to an independent company again


PHolder

Well-known member
Sep 16, 2020
Ontario, Canada
I hope LastPass can recover their reputation while making these changes, but I fear this will not be a good change. I'm sure they'll need money and they'll want to raise prices, but having just done that a year ago, I think if they go again for price increases it will only increase reputational damage.

 

Lob

What could possibly go wrong?
Nov 7, 2020
Good for them but many switched to Bitwarden on the basis of LastPass's changes a year ago. Most won't about-turn.....
 

drwtsn32

Active member
Sep 19, 2020
Same here, Lob. Switched to Bitwarden a couple years ago, definitely won't switch back.
 

dougBelcher

New member
Sep 25, 2020
I'm afraid that you are both right. I ditched LastPass for Bitwarden this last year mostly based on Leo's recommendation, but also on it being open source and cheaper than LastPass. I'm not likely to go back at this point.
 

Ralph

Well-known member
Sep 24, 2020
By the time I finally decided to go with a password manager SN switched to Bitwarden. After some playing on the BW free version I went with the paid one. $10 per year is a small investment to help keep a nice piece of software under development.

I may be wrong for not trusting the browser extension but for me the desktop app works just fine. I do keep 2 or 3 logins off Bitwarden just in case, but all in all I do like and trust it.
 

iMark77

Member
Jan 8, 2021
WV
TheQuietWon.net
Well, this is interesting news, as a week or two ago I started noticing more and more of my devices not remembering my master password, and having to copy-paste the ridiculous thing every time is really annoying; that's what the authenticator's for. Then this started to happen on family members' accounts, since I signed up for a family plan. I was thinking about switching, but as I discovered that there was a design decision to no longer remember, I was really starting to think maybe it's time. I don't know; after you shoot yourself in the foot you only have so much blood you can lose. And the LastPass user experience is starting to go downhill real quick for me, as a family member has an issue: oh, get that in LastPass; oh, you got logged out; oh, hold on, give me your phone..... As I set them up with reasonable passwords and I'm still trying to transition them into using it, their accounts are reasonably secure enough with it remembering the password and asking for a PIN. But then I go over to my device(s), and every single one of them, when I touch it nowadays, needs the master password again. Sorry, I'm frustrated and also feeling ranty. Of course that's assuming I don't need to do the email loop that, yeah, I'm actually where I'm located, but my IP address changes because, you know, cellular uses NATed IPs....
 

rfrazier

Well-known member
Sep 30, 2020
I used to have LastPass premium with the mobile app. Now I'm on free and have to use the web browser. But, from memory, look in the settings for the following. One lets you enter a PIN rather than the master password for reauthentication in some circumstances. Advanced settings on the login screen have a "remember password" option. I personally never turn on the "remember password" option, as that seems to defeat the whole point. You may, as I do, have the settings for each password account set to always require the master password again. That's changeable but I like mine that way. But, there is also a setting somewhere, I think when you enter the password, that says (checkbox) don't ask again for (choose) minutes / hours. You can set this for 3 hours or something. Be careful lowering the security level. If someone steals the phone, they could have access to the entire vault for a period of time. You could use a master password which is somewhat memorable and typeable, say 4 or more words separated by some number of digits and symbols. Do not use a common phrase or anything from a static website. In the main settings on the website, turn on 2-factor authentication and set it to use Google Authenticator or a Yubikey or similar. This reduces the risk if the master password is compromised. If someone gets the phone, the master password, and the 2fa, you're in trouble. You'd have to go into the account from a different device and change the master password. This is a good reason to have your Google Authenticator on multiple devices, along with all the same codes. I've been using an old copy of WinAuth by Colin Mackie on the PC to do 2fa. I'm not sure if it's available any more. You'd then have to go to each account and deauthenticate all their individual 2fa's, change their individual passwords, and reenable the 2fa's. This is because each device can store its own local copy of the password database.
Finally, there is an advanced setting in the LastPass configuration on the website called password iterations. They recommend 100100. I think, years ago, it started much lower. I bumped mine up to a number near that but not the same. This helps prevent someone from brute forcing your password if they get your database. Writing this up reminded me of some things I'd forgotten should I need to change to Bitwarden or something. LastPass really does have some cool features. My family would never put up with this kind of hassle. Of course, they probably don't have 100+ online accounts the way I do. Hope this helps.

May your bits be stable and your interfaces be fast. :cool: Ron
 

rfrazier

Well-known member
Sep 30, 2020
This thread reminded me of the Correct Horse Battery Staple thing that @Steve and Leo mentioned years ago. If you're not familiar with it, the concept is that you can generate a fairly strong passphrase with 4 (random uncommon) words possibly with the addition of some numbers and symbols. I mentioned this idea in the post above. Here are some historical references.



Do NOT use Correct Horse Battery Staple as your passphrase.

But, there are problems, since humans just aren't very good at being random, and brute force attacks and hardware are getting much better. People are much more likely to choose Take Me Out To Lunch rather than Starshine Meerkat Skyscraper Fuzzball as a passphrase. Here's a summary of some of the problems.


I personally believe, though, that having a 64 character random password AS THE MASTER password for a password manager makes the system unusable. Therefore, I like the idea of a passphrase for the master password, which I can remember and type with some difficulty. Then, for individual account passwords, the password generator can provide 32 or 64 character random characters, or whatever will fit into the login screen you're using.

May your bits be stable and your interfaces be fast. :cool: Ron
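
An added worked example, not part of rfrazier's posts or LastPass's code: it puts numbers on the two points above, a randomly generated word passphrase and the password-iterations setting. It assumes PBKDF2-HMAC-SHA256 as the stretching function; the 16-word list, the salt, the attacker hash rate and the 5000-iteration comparison value are constructed for illustration.

```python
import hashlib
import math
import secrets

# Constructed 16-word sample list for the demo; a real Diceware list has 7776 words.
WORDS = ["starshine", "meerkat", "skyscraper", "fuzzball", "anvil", "kumquat",
         "glacier", "tundra", "pelican", "sprocket", "marzipan", "obelisk",
         "quasar", "thimble", "walrus", "zeppelin"]
DICEWARE_SIZE = 7776        # 6**5 entries, one per roll of five dice
ASSUMED_HASH_RATE = 1e10    # assumed attacker hash rate per second, not a measurement

def generate_passphrase(words, count=4, sep="-"):
    """Choose words with the OS CSPRNG so each is equally likely (no human bias)."""
    return sep.join(secrets.choice(words) for _ in range(count))

def passphrase_entropy_bits(list_size, count):
    """Bits of entropy; valid only when the words were picked uniformly at random."""
    return count * math.log2(list_size)

def random_password_entropy_bits(alphabet_size, length):
    """Bits of entropy of a fully random password over the given alphabet."""
    return length * math.log2(alphabet_size)

def stretch(master_password, salt, iterations):
    """Derive a 32-byte key; every guess costs the attacker `iterations` rounds."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt, iterations)

def years_to_exhaust(entropy_bits, iterations, hash_rate=ASSUMED_HASH_RATE):
    """Worst-case offline search time against a stolen database, in years."""
    guesses_per_second = hash_rate / iterations
    return 2 ** entropy_bits / guesses_per_second / (365.25 * 24 * 3600)

if __name__ == "__main__":
    print("sample passphrase:", generate_passphrase(WORDS))
    salt = b"user@example.com"  # constructed salt
    print("derived key:", stretch("demo passphrase", salt, 100100).hex())
    cases = [
        ("4 Diceware words", passphrase_entropy_bits(DICEWARE_SIZE, 4)),
        ("6 Diceware words", passphrase_entropy_bits(DICEWARE_SIZE, 6)),
        ("64 random printable chars", random_password_entropy_bits(94, 64)),
    ]
    for label, bits in cases:
        for iters in (1, 5000, 100100):  # 5000 is a constructed lower setting
            print(f"{label}: {bits:.1f} bits, {iters} iterations -> "
                  f"{years_to_exhaust(bits, iters):.3g} years")
```

The entropy figures apply only to machine-chosen words; a phrase a person picks, such as the Take Me Out To Lunch example above, has far less than the formula suggests.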
 

rfrazier

Well-known member
Sep 30, 2020
That site is pretty cool. Has some cool background info too.

PS, re my post above. When I said don't use CorrectHorseBatteryStaple as your passphrase, I meant don't use THAT phrase. But, the https://www.correcthorsebatterystaple.net/ site can generate other passphrases similar to the Diceware site that @Barry Wallis mentioned.

May your bits be stable and your interfaces be fast. :cool: Ron
 

dmot

Member
Dec 6, 2020
Good for them but many switched to Bitwarden on the basis of LastPass's changes a year ago. Most won't about-turn.....
I switched to Bitwarden and it wasn't related to the cost of LastPass, but more on the issues with support. I thought as a paying customer the support would be better, but it was really bad. It is one thing if they take a couple of days to respond; I get that staff may not have increased with the increase in the cost of the product, and I'm fine with waiting a few days. But when they don't bother to read the information that I've emailed them and ask me to do things I have already done, then there isn't much more I can do other than to switch to another provider. I actually like LastPass better than Bitwarden, but I couldn't continue to deal with the issue I was having; the only way to solve the issue was to log out of LastPass, but then I couldn't log in to my accounts.