Slashdot Mirror
Popular Password Manager LastPass Doubles Price of Its Premium Plan, Removes features From Its Free Service Tier (neowin.net)
An anonymous reader shares a report: In November, LastPass made a big change to its service, allowing users to keep track of their passwords across all their internet-enabled mobile and desktop devices, free of charge. In addition to the free tier, the cross-platform password manager - available on iOS, Android, and Windows 10 -- also offered a Premium plan with additional features, priced at $12 per year. Today, LastPass announced another wave of changes to its lineup for individual users -- but this time, the changes are unlikely to be welcomed with open arms by its customers. LastPass Premium has now doubled in price to $24 a year, which includes "emergency access, the ability to share single passwords and items with multiple people, priority tech support, advanced multi-factor authentication, LastPass for applications, and 1GB of encrypted file storage," along with all the other features of the Free tier. In a statement, the company said, "While LastPass Free continues to offer access on all browsers and devices and the core LastPass password management functionality, unlimited sharing and emergency access are now Premium features. Free users will be able to share one item with one other individual.
Once you become dependent on cloud services, they are no longer in your service, you are in theirs.
I do the same, except I have the same 6 byte prefix for all the passwords. So if a password is listed in "passwords.txt" as "correctHorseBatteryStaple" the real password is "7Rz8t5correctHorseBatteryStaple". If anyone gets access to my list, they won't know the prefix, or even know that there is a prefix.
"Let a bunch of faceless strangers on the Internet keep all your passwords for you?"
They don't. They keep encrypted versions of your passwords. All encryption/decryption happens locally.
"National Security is the chief cause of national insecurity." - Celine's First Law
I just renewed recently while it was still $12/year. I feel that $24/year is a bit high. But on the other side, I would never need any of the premium features. That said, I'm happy to pay $12 per year for their service to help a great company. Lastpass has been solid and their service is indispensible.
I've been using LastPass for many years. I used to use Password Safe, which is strictly local. But they had me at "all popular platforms including Linux".
I have no objection to the price increase. They deserve it, and no doubt will use the money to make the product even better.
I was a Premium user since they launched. The changes to the free tier last year caught me by surprise, and sure enough, since I had no reason to pay for Premium I stopped. I remember getting an automated questionnaire as to why I stopped being a Premium customer and I explained clearly that they now offered the full feature set I was interested in in the free tier.
Now they're apparently changing it so that one feature I want (emergency access) becomes part of the Premium package. Fair enough, they'll get me back as a Premium customer. LastPass is one of those tools I happily pay for, no questions asked.
it's in my head
I've used KeePass for years now, and while I don't have all the fancy password sharing features I do have my passwords, in a format I trust, available on my PCs and phone. I haven't yet seen a reason to switch.
It is a gamble. For a lot of users, having randomly generated passwords that are stuffed in a PW database is more secure than having them have "hunter2" for their bank, "swordfish" for their Facebook account, etc. The chance of a mass compromise of a Lastpass is definitely less than having one's password revealed to the world the next time some company's list of hashed PWs gets snarfed.
Even with the potential hazard, if combined with 2FA, the hazard of a compromised password is reduced significantly.
To boot, longer, hairier PWs can be used as well, as the user doesn't have to remember them.
Just use open source KeePass to hold your passwords and use DropBox to sync your encrypted database between computers/phones/tablets. Works great between Windows, iOS, and Android at least. http://keepass.info/
So why not use a local app and cloud storage service? I use Keepass and NextCloud but could easily use GoogleDrive or DropBox or somesuch. The encrypted file doesn't take up that much space and you can sync it to whatever device you want.
Ummmm...yeah. I'm sure they do. And I promise I won't cum in your mouth. Pinky promise.
So do you work for a competitor or did you just want to comment without reading up on how the encryption is done locally with audited viewable-source code in the browser extensions?
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
It's misdirection all the way down.
His password is Hunter2
The real issue with LastPass is that it runs in a browser. The most common way of using it is a browser add-on, and it's been found vulnerable in the past.
Much better to have a separate app and copy/paste. Javascript is not secure.
Also, KeePass is free and you can sync the database via your own server or any number of free services.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
I wouldn't trust them, since they're located in Washington D.C.. I've written my own password manager 20 years ago and still use it. Less features, but at least if there is a flaw in it, then it's my own fault and not some intern's at random company XYZ.