Popular Password Manager LastPass Doubles Price of Its Premium Plan, Removes Features From Its Free Service Tier (neowin.net)
An anonymous reader shares a report: In November, LastPass made a big change to its service, allowing users to keep track of their passwords across all their internet-enabled mobile and desktop devices, free of charge. In addition to the free tier, the cross-platform password manager -- available on iOS, Android, and Windows 10 -- also offered a Premium plan with additional features, priced at $12 per year. Today, LastPass announced another wave of changes to its lineup for individual users -- but this time, the changes are unlikely to be welcomed with open arms by its customers. LastPass Premium has now doubled in price to $24 a year, which includes "emergency access, the ability to share single passwords and items with multiple people, priority tech support, advanced multi-factor authentication, LastPass for applications, and 1GB of encrypted file storage," along with all the other features of the Free tier. In a statement, the company said, "While LastPass Free continues to offer access on all browsers and devices and the core LastPass password management functionality, unlimited sharing and emergency access are now Premium features. Free users will be able to share one item with one other individual."
That post is almost illegible. Did you do that on purpose?
And please, don't start crying about unicode
“He’s not deformed, he’s just drunk!”
Once you become dependent on cloud services, they are no longer in your service, you are in theirs.
I do the same, except I have the same 6 byte prefix for all the passwords. So if a password is listed in "passwords.txt" as "correctHorseBatteryStaple" the real password is "7Rz8t5correctHorseBatteryStaple". If anyone gets access to my list, they won't know the prefix, or even know that there is a prefix.
"Let a bunch of faceless strangers on the Internet keep all your passwords for you?"
They don't. They keep encrypted versions of your passwords. All encryption/decryption happens locally.
"National Security is the chief cause of national insecurity." - Celine's First Law
I just renewed recently while it was still $12/year. I feel that $24/year is a bit high. But on the other side, I would never need any of the premium features. That said, I'm happy to pay $12 per year for their service to help a great company. Lastpass has been solid and their service is indispensable.
I've been using LastPass for many years. I used to use Password Safe, which is strictly local. But they had me at "all popular platforms including Linux".
I have no objection to the price increase. They deserve it, and no doubt will use the money to make the product even better.
Is that Perl?
Trolling is a art,
I was a Premium user since they launched. The changes to the free tier last year caught me by surprise, and sure enough, since I had no reason to pay for Premium I stopped. I remember getting an automated questionnaire as to why I stopped being a Premium customer and I explained clearly that they now offered the full feature set I was interested in in the free tier.
Now they're apparently changing it so that one feature I want (emergency access) becomes part of the Premium package. Fair enough, they'll get me back as a Premium customer. LastPass is one of those tools I happily pay for, no questions asked.
it's in my head
I've used KeePass for years now, and while I don't have all the fancy password sharing features I do have my passwords, in a format I trust, available on my PCs and phone. I haven't yet seen a reason to switch.
It is a gamble. For a lot of users, having randomly generated passwords that are stuffed in a PW database is more secure than having them have "hunter2" for their bank, "swordfish" for their Facebook account, etc. The chance of a mass compromise of a Lastpass is definitely less than having one's password revealed to the world the next time some company's list of hashed PWs gets snarfed.
Even with the potential hazard, if combined with 2FA, the hazard of a compromised password is reduced significantly.
To boot, longer, hairier PWs can be used as well, as the user doesn't have to remember them.
Yeah, but that's not automatically available from any device. Lastpass allows that. I adapted LastPass but do not need any of the extra features, just the simple logins & passwords. Note, however, that LastPass also allows you to store things like Credit Card information (in case one gets stolen), DMV, WiFi SSIDs, Bank Accounts, Router info, et al. All of it quite handy. I don't need emergency access, tech support, ability to share, multi factor authentication or ability to share or any of that.
Just use open source KeePass to hold your passwords and use DropBox to sync your encrypted database between computers/phones/tablets. Works great between Windows, iOS, and Android at least. http://keepass.info/
So why not use a local app and cloud storage service? I use Keepass and NextCloud but could easily use GoogleDrive or DropBox or somesuch. The encrypted file doesn't take up that much space and you can sync it to whatever device you want.
Ummmm...yeah. I'm sure they do. And I promise I won't cum in your mouth. Pinky promise.
So do you work for a competitor or did you just want to comment without reading up on how the encryption is done locally with audited viewable-source code in the browser extensions?
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
It's misdirection all the way down.
His password is Hunter2
I can remember a few passwords. I can't remember a 24 digit random alpha-numeric-symbol string.
You know what I do when I get one of those "Geez, sorry guys, we hashed our data with md5 and posted it on our fridge and someone got all your passwords. Change them quick!" emails from SecurityWazzat.org? Giggle as I imagine someone chewing up cycles trying to dehash my random gibberish... Hope they enjoy waiting forever for my password to turn into something readable. Oh, and since I use a different random password for each site it doesn't matter anyways.
Now I'm in the infosec industry and some of my passwords protect other people's data, and I have a responsibility to keep your data safe, but let's not be so dismissive of other people's security practices. If HorseBatteryStaple is secure enough for your risk tolerances, that's awesome, but it won't be for everyone else's.
Oh and I'll leave this here for anyone interested in a more in-depth review of password security:
https://diogomonica.com/2014/1...
Min
On the whole, I find that I prefer Slashdot posts to twitter ones because I don't get limited to 140 chars before
That's a nice password list you've trusted us to hold for ya. It'd be a real shame if anything happened to it.
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
For basic personal documents, I think this would be worth it (think life insurance, social security, etc)
Agreed but both the local and remote copies need to be encrypted and require password access. My current solution for this is an encrypted disk image on Dropbox which works fine as long as the image can be kept reasonably small (few 100 MB).
The real issue with LastPass is that it runs in a browser. The most common way of using it is a browser add-on, and it's been found vulnerable in the past.
Much better to have a separate app and copy/paste. Javascript is not secure.
Also, KeePass is free and you can sync the database via your own server or any number of free services.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
Never understood the whole, "here Internet, take my passwords" mentality anyway.
They don't have your passwords---at least, not in a usable form.
You create a master password for the application. It encrypts your unique, per-site passwords and syncs them. LastPass only sees encrypted data.
Meanwhile, you can create a strong, unique password for every site that you use. You can even use unique names to obstruct doxxing.
The application acts as a local database so that you don't have to remember each and every logon. Your security is a little easier, and they have nothing useful assuming the crypto is solid.
It makes a lot of sense if you have a lot of accounts. Me, though... I don't sign up for enough things to make it worthwhile.
---
According to the latest ruleset, this post should be modded as Vorpal Flamebait +5.
I wouldn't trust them, since they're located in Washington D.C. I've written my own password manager 20 years ago and still use it. Less features, but at least if there is a flaw in it, then it's my own fault and not some intern's at random company XYZ.
I switched to EnPass, which runs locally on your machine (encrypted) and a browser addon uses a websocket to connect the two. Which means it doesn't inject itself into every page like Lastpass. Also LastPass tends to cause Firefox to take fits.
EnPass runs on pretty much any platform:
Just in case: http://bash.org/?244321
We all knew this would happen. Alas, we did it anyway.
Or you're a network admin and need to share hundreds of network credentials for internal and vendor systems with your team. There's a lot more use cases than what you are magically aware of.
. Define sqrt(x) as something really evil like (x / rand()), and bury it deep. Watch your coworkers go nuts.