LogMeIn To Acquire LastPass For $125 Million

An anonymous reader writes: LogMeIn has agreed to acquire LastPass, the popular single-sign-on (SSO) and password management service. Under the terms of the transaction, LogMeIn will pay $110 million in cash upon close for all outstanding equity interests in LastPass, with up to an additional $15 million in cash payable in contingent payments which are expected to be paid to equity holders and key employees of LastPass upon the achievement of certain milestone and retention targets over the two-year period following the closing of the transaction.

Will Use Neither

LassPass got their ass handed to them in the no-so-distant past. No, thank you. Having a company that collects passwords now marrying a company that handles remote logins. Hmmm... What could go wrong?

Re:Will Use Neither

[Gaygirlie]

Having a company that collects passwords

The quoted part never sat right with me, I've always felt somewhat icky about the idea of giving out all of my passwords to a company-controlled service. I don't know if it is rational to be wary of them or not, I certainly haven't heard of them doing anything nefarious or anything to earn it, but passwords and usernames are just so damn important that I just don't know if I'd want to hand the whole damn treasure-trove out to an unknown 3rd-party. I've always used Keepass 2.x to store my passwords -- the password-database is always in my control, and there are good, open-source apps for Keepass-databases for Windows, Linux, Android et.al.

Re:Will Use Neither

[Anonymous+Psychopath]

Meh, I feel they handled that "breach" pretty well...

That being said, I fear LogMeIn is going to destroy LastPass.

They did handle it well. Preaching to the choir a little bit, but LastPass has always responsibly disclosed threats, usually to their own detriment because most of their customers can't be bothered to understand how security is supposed to work (hint: it should be designed to withstand a breech). The breech only provided worthless data to the attackers. Brute-forcing is hard, and assuming we were all smart enough to change our master passwords, the attackers only got old, useless passwords in return for all their efforts.

Meanwhile, everyone ran around saying KeePass on Dropbox is far better, because open source is magically more secure (it can be, but that doesn't mean it is), and Dropbox gets compromised almost annually.

I know I probably sounds like I work there or something, but I'm just a happy user. I hope LogMeIn doesn't fuck it up. I don't really know anything about them.

Re:Will Use Neither

[jimbo]

Meh, people are so often binary. Unfortunately the world isn't as simple as "A is far better than B". While I prefer the way KeePass handles its data, the various browser plugins handling form data (inserting/extracting) seem much inferior to Lastpass. Using it in a browser is my main use case.

I really want to use KeePass but it'll need to be a bit smoother in browsers first. I'm sure it will be.

Re:That hardly matters

[frovingslosh]

If LastPass was only a place that you stored an encrypted file that you created yourself and could only give it back to you in encrypted form, then what you say could be argued. The argument might or might not hold up, but it could be argued.

But if you are using LastPass software on your own machine to do the encrypting and the decryption of the passwords and then logging in to sites that you want to be secure, then you have given up control.

If you are too trusting to understand this, replace "LastPass" with "Chinese" or "N.S.A." in the above and read it again.