LastPass to be spun out to an independent company again


PHolder

I hope LastPass can recover their reputation while making these changes, but I fear this will not be a good change. I'm sure they'll need money and they'll want to raise prices, but having just done that a year ago, I think if they go again for price increases it will only increase reputational damage.

 
Good for them but many switched to Bitwarden on the basis of LastPass's changes a year ago. Most won't about-turn.....
 
Same here, Lob. Switched to Bitwarden a couple years ago, definitely won't switch back.
 
I'm afraid that you are both right. I ditched LastPass for Bitwarden this last year mostly based on Leo's recommendation, but also on it being open source and cheaper than LastPass. I'm not likely to go back at this point.
 
By the time I finally decided to go with a password manager SN switched to Bitwarden. After some playing on the BW free version I went with the paid one. $10 per year is a small investment to help keep a nice piece of software under development.

I may be wrong for not trusting the browser extension but for me the desktop app works just fine. I do keep 2 or 3 logins off Bitwarden just in case, but all in all I do like and trust it.
 
Well, this is interesting news, as a week or two ago I started noticing more and more of my devices not remembering my master password, and having to copy-paste the ridiculous thing every time is really annoying; that's what the authenticator's for. Then this started to happen on family members' accounts since I signed up for a family plan. I was thinking about switching, but as I discovered that there was a design decision to no longer remember, I was really starting to think maybe it's time. I don't know, after you shoot yourself in the foot you only have so much blood you can lose. And the LastPass user experience is starting to go downhill real quick for me, as a family member has an issue: oh, get that in LastPass; oh, you got logged out; oh, hold on, give me your phone..... As I set them up with reasonable passwords and I'm still trying to transition them into using it, their accounts are reasonably secure enough with it remembering the password and asking for a PIN. But then I go over to my device(s), and every single one of them, when I touch it nowadays, needs the master password again. Sorry, I'm frustrated and also feeling ranty. Of course that's assuming I don't need to do the email loop that yeah, I'm actually where I'm located, but my IP address changes because, you know, cellular uses NATed IPs....
 
I used to have LastPass premium with the mobile app. Now I'm on free and have to use the web browser. But, from memory, look in the settings for the following. One lets you enter a PIN rather than the master password for reauthentication in some circumstances. Advanced settings on the login screen have a "remember password" option. I personally never turn on the "remember password" option, as that seems to defeat the whole point. You may, as I do, have the settings for each password account set to always require the master password again. That's changeable but I like mine that way. But, there is also a setting somewhere, I think when you enter the password, that says (checkbox) don't ask again for (choose) minutes / hours. You can set this for 3 hours or something. Be careful lowering the security level. If someone steals the phone, they could have access to the entire vault for a period of time. You could use a master password which is somewhat memorable and typeable, say 4 or more words separated by some number of digits and symbols. Do not use a common phrase or anything from a static website. In the main settings on the website, turn on 2 factor authentication and set it to use Google Authenticator or a Yubikey or similar. This reduces the risk if the master password is compromised. If someone gets the phone, the master password, and the 2fa, you're in trouble. You'd have to go into the account from a different device and change the master password. This is a good reason to have your Google Authenticator on multiple devices, along with all the same codes. I've been using an old copy of WinAuth by Colin Mackie on the PC to do 2fa. I'm not sure if it's available any more. You'd then have to go to each account and deauthenticate all their individual 2fa's, change their individual passwords, and reenable the 2fa's. This is because each device can store its own local copy of the password database.
Finally, there is an advanced setting in the LastPass configuration on the website called password iterations. They recommend 100100. I think, years ago, it started much lower. I bumped mine up to a number near that but not the same. This helps prevent someone from brute forcing your password if they get your database. Writing this up reminded me of some things I'd forgotten should I need to change to Bitwarden or something. LastPass really does have some cool features. My family would never put up with this kind of hassle. Of course, they probably don't have 100+ online accounts the way I do. Hope this helps.

May your bits be stable and your interfaces be fast. :cool: Ron
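
Added example (not part of the post above, and not LastPass or Bitwarden code): a sketch of how a randomly chosen word passphrase and the iteration count together set the cost of an offline guessing attack on a stolen vault. PBKDF2-HMAC-SHA256 as the key-derivation function, the sample word list, the 1000-iteration comparison value and the attacker speed are all assumptions made for illustration.

```python
import hashlib
import math
import secrets

# Constructed sample list; a real Diceware list has 7776 entries.
SAMPLE_WORDS = ["starshine", "meerkat", "skyscraper", "fuzzball",
                "lantern", "orbit", "thistle", "walrus"]
DICEWARE_SIZE = 7776
SECONDS_PER_YEAR = 365 * 24 * 3600


def generate_passphrase(wordlist, n_words=4, sep=" "):
    """Pick each word with the OS CSPRNG so no word is favoured."""
    return sep.join(secrets.choice(wordlist) for _ in range(n_words))


def entropy_bits(list_size, n_words):
    """Entropy of n_words drawn uniformly and independently."""
    return n_words * math.log2(list_size)


def derive_key(master_password, salt, iterations):
    """Stretch the master password; cost grows linearly with iterations."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                               salt, iterations, dklen=32)


def average_search_years(bits, iterations, prf_calls_per_second):
    """Average time to search half the keyspace offline.

    prf_calls_per_second is an assumed attacker speed in single
    HMAC-SHA256 evaluations; one guess costs `iterations` of them.
    """
    guesses_per_second = prf_calls_per_second / iterations
    return 2 ** (bits - 1) / guesses_per_second / SECONDS_PER_YEAR


if __name__ == "__main__":
    phrase = generate_passphrase(SAMPLE_WORDS)
    salt = secrets.token_bytes(16)
    key = derive_key(phrase, salt, 100100)
    print(f"{phrase!r} -> {key.hex()[:16]}... (sample list only)")
    for words in (4, 5, 6):
        bits = entropy_bits(DICEWARE_SIZE, words)
        for iters in (1000, 100100):  # 1000 is a constructed low setting
            years = average_search_years(bits, iters, 1e10)  # assumed rate
            print(f"{words} words, {bits:.1f} bits, {iters} iters: {years:.3g} years")
```

The entropy figure only holds when the words are drawn at random; a phrase a person picks themselves has far less, and no iteration count makes up for that.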
 
This thread reminded me of the Correct Horse Battery Staple thing that @Steve and Leo mentioned years ago. If you're not familiar with it, the concept is that you can generate a fairly strong passphrase with 4 (random uncommon) words possibly with the addition of some numbers and symbols. I mentioned this idea in the post above. Here are some historical references.



Do NOT use Correct Horse Battery Staple as your passphrase.

But, there are problems, since humans just aren't very good at being random, and brute force attacks and hardware are getting much better. People are much more likely to choose Take Me Out To Lunch rather than Starshine Meerkat Skyscraper Fuzzball as a passphrase. Here's a summary of some of the problems.


I personally believe, though, that having a 64 character random password AS THE MASTER password for a password manager makes the system unusable. Therefore, I like the idea of a passphrase for the master password, which I can remember and type with some difficulty. Then, for individual account passwords, the password generator can provide 32 or 64 character random characters, or whatever will fit into the login screen you're using.

May your bits be stable and your interfaces be fast. :cool: Ron
 
That site is pretty cool. Has some cool background info too.

PS, re my post above. When I said don't use CorrectHorseBatteryStaple as your passphrase, I meant don't use THAT phrase. But, the https://www.correcthorsebatterystaple.net/ site can generate other passphrases similar to the Diceware site that @Barry Wallis mentioned.

May your bits be stable and your interfaces be fast. :cool: Ron
 
Good for them but many switched to Bitwarden on the basis of LastPass's changes a year ago. Most won't about-turn.....
I switched to Bitwarden and it wasn't related to the cost of LastPass, but more to the issues with support. I thought as a paying customer the support would be better, but it was really bad. It is one thing if they take a couple of days to respond; I get that staff may not have increased with the increase in the cost of the product, and I'm fine with waiting a few days. But when they don't bother to read the information that I've emailed them and ask me to do things I have already done, then there isn't much more I can do other than to switch to another provider. I actually like LastPass better than Bitwarden, but I couldn't continue to deal with the issue I was having; the only way to solve the issue was to log out of LastPass, but then I couldn't log in to my accounts.