Slashdot Mirror

A reader shares a BetaNews report: A new report by LastPass -- The Password Expose -- reveals the threats posed, and the opportunities presented, by employee passwords. The report starts by pointing out that while nearly everyone (91 percent) knows that it is dangerous to reuse passwords -- with 81 percent of data breaches attributable to "weak, reused, or stolen passwords," more than half (61 percent) do reuse passwords. But the real purpose of the report is to "reveal the true gap between what IT thinks, and what's really happening." Jumping straight into the number, the report says that even in a 250-employee company, there are an average of 53,250 passwords in use -- a near-impossible number to keep track of and to know the strength of. LastPass found that people have nearly 200 passwords to remember, so it's little wonder that password reuse is an issue.

Arguably one of the best password manager applications in the wild, LastPass, is making select services available to its mobile users for free. Under the new plan, LastPass's free services will now include two-factor authentication, password generation and sync, and access from unlimited devices. Previously, the browser extension was available for free but users had to pay a $12 annual free to take their passwords with them on mobile. There is still a subscription fee for the LastPass Premium service, which includes access to family password sharing, two-factor authentication methods like YubiKey and Sesame, encrypted file storage, fingerprint identification on desktop, priority customer support and an ad-free password vault. TechCrunch reports: Basically, LastPass is now charging only for enhanced features rather than convenient access. The company also earns revenue from its enterprise offerings. LastPass says that the change is motivated by a commitment to bringing password security to the masses. "Today's reality is that people's digital lives are increasingly in the cloud -- and inherently span countless personal and work devices. We believe that to truly benefit from the security and convenience of a password manager, it should be available whenever and wherever you need it," LastPass vice president Joe Siegrist said in a statement. "By offering LastPass for free across all your devices, we're making it that much easier for everyone to make good password habits the norm, while resetting the expectations of what a great password management experience should be in a multi-device world." But the pricing change might also be intended to lure users from other paid password management services. LogMeIn CEO Bill Wagner said on an earnings call last week that free users drive revenue for LastPass because they often convert to Premium services or serve as referrals for enterprise business opportunities.

Arguably one of the best password manager applications in the wild, LastPass, is making select services available to its mobile users for free. Under the new plan, LastPass's free services will now include two-factor authentication, password generation and sync, and access from unlimited devices. Previously, the browser extension was available for free but users had to pay a $12 annual free to take their passwords with them on mobile. There is still a subscription fee for the LastPass Premium service, which includes access to family password sharing, two-factor authentication methods like YubiKey and Sesame, encrypted file storage, fingerprint identification on desktop, priority customer support and an ad-free password vault. TechCrunch reports: Basically, LastPass is now charging only for enhanced features rather than convenient access. The company also earns revenue from its enterprise offerings. LastPass says that the change is motivated by a commitment to bringing password security to the masses. "Today's reality is that people's digital lives are increasingly in the cloud -- and inherently span countless personal and work devices. We believe that to truly benefit from the security and convenience of a password manager, it should be available whenever and wherever you need it," LastPass vice president Joe Siegrist said in a statement. "By offering LastPass for free across all your devices, we're making it that much easier for everyone to make good password habits the norm, while resetting the expectations of what a great password management experience should be in a multi-device world." But the pricing change might also be intended to lure users from other paid password management services. LogMeIn CEO Bill Wagner said on an earnings call last week that free users drive revenue for LastPass because they often convert to Premium services or serve as referrals for enterprise business opportunities.

An anonymous reader writes: LogMeIn has agreed to acquire LastPass, the popular single-sign-on (SSO) and password management service. Under the terms of the transaction, LogMeIn will pay $110 million in cash upon close for all outstanding equity interests in LastPass, with up to an additional $15 million in cash payable in contingent payments which are expected to be paid to equity holders and key employees of LastPass upon the achievement of certain milestone and retention targets over the two-year period following the closing of the transaction.

hawkeyeMI writes: LastPass, the popular password manager, has been hacked. The company says that the “vast majority” of users are safe, and has posted a notice which begins: "We want to notify our community that on Friday, our team discovered and blocked suspicious activity on our network. In our investigation, we have found no evidence that encrypted user vault data was taken, nor that LastPass user accounts were accessed. The investigation has shown, however, that LastPass account email addresses, password reminders, server per user salts, and authentication hashes were compromised."

Albus Dumb Door writes "As an IT professional, I've got a problem common to many of you: dealing with a lot of passwords. Memorizing them all becomes harder with age and and an increasing number of passwords. I will forget them eventually. I am obviously unable to use something online, like Last Pass and 1Password. Using a single password for all the systems is also obviously out of the question. I know that there are a few apps for cell phones for managing passwords (like Phone Genie and mSecure), but a cell phone, unless it's kept in offline mode (and even then), is still a security risk and I'm pretty sure my employers wouldn't like me having their passwords on my cell phone. I've also taken a look at things like the YubiKey, but changing the authentication scheme of most of the systems is not an option. The only interesting option I've seen so far is the Pitbull Wallet, but they just started taking pre-orders on IndieGoGo and are not expected to deliver until August. Amazon has some hardware password managers as well, like the RecZone and Logio, but either the price or their reviews scared me away. So how do you guys prefer to manage your passwords and what do you recommend?"

CWmike writes "LastPass on Friday rescinded its day-old order that all users of its online password management system reset their master passwords due to a database breach. In a blog post this morning, the company said it won't allow users to change master passwords 'until our databases are completely caught up and we have resolved outstanding issues.' In an e-mail to Computerworld, LastPass CEO Joe Siegrist said the company changed its plan in response to demands from users asking they not be required to reset their passwords. However, comments posted on a LastPass blog suggest that the company's decision may also be related to trouble some users appear to be having with the password reset process. The blog post acknowledged that it had 'identified an issue' with roughly 5% of users that reset their master passwords. The company said it would be contacting those users about a fix for the problem LastPass said earlier that passwords for its Xmarks bookmark sync, which it acquired last December, were not affected."

Trailrunner7 writes "LastPass, a popular Web based password management firm, advised its customers to change the password they use to access the service following what the company said are signs that its network may have been compromised."