back to article Popular password manager LastPass to be spun out from LogMeIn

One of the biggest beasts in the password management world, LastPass, is being spun out from parent LogMeIn as a "standalone cloud security" organisation. "The success we've seen across the entire LogMeIn portfolio over the last 18 months proves there is a vast growth opportunity ahead for both LastPass and LogMeIn," said …

  1. Proton_badger

    Ah bon‽

    The marketing drivel is real, a cynical mind might think there are unmentioned reasons why they would want to get rid of it, perhaps related to earnings and future potential - considering all the competition.

    Like many I'm enjoying the free tier of Bitwarden, which is open source and 3rd party audited, as I'm sure everybody here knows already. However, I discovered the paid personal plan is $10/yr, that's not much for supporting them.

    1. stuartnz

      Re: Ah bon‽

      " I discovered the paid personal plan is $10/yr, that's not much for supporting them."

      This is exactly why I moved to the paid tier when I started using Bitwarden nearly 2 years ago. I don't NEED the paid tier's extras, but it's nice to be able to say thanks. I do the same with StoryGraph, the Amazon-free Goodreads alternative, pay for the Plus options as a gesture of support rather than out of need

  2. JassMan

    There is a lot to be said for keeping your passwords locally.

    Also in February, LastPass came in for criticism after a security researcher recommended against the password manager's Android app after noting seven embedded trackers in the software. LogMeIn said at the time that users can opt out if they want.

    My personal choice is to use Passwordsafe (the pwsafe.org version) because:

    a) it is open source so no security by obscurity

    b) passwords are still encrypted even while in memory and only decoded individually for display/copy-paste

    c) support for all OSes, not just Win & iOS

    d) you can choose where to store your data - Mine is on a pair of USB sticks (one on my keyring, the other in a locked drawer for backup.)

    e) no ongoing costs, or any costs for that matter.

    1. big_D

      Re: There is a lot to be said for keeping your passwords locally.

      The Android app also became unreliable around that time - it didn't work well with Firefox, so you ended up swapping back and forth between LP and FF copying and pasting usernames and passwords!

      I switched to 1Password. I looked at Bitwarden, but it was too complicated for my partner - heck, 1Password is too complicated for them to set up and I usually end up creating new accounts for them, but at least they can log in using 1Password!

      We often forget how even something as "simple" as a password manager, or even setting up an account on a new service, is often beyond mere mortals who are not interested in technology and don't use technology every day, day-in, day-out.

      Most services are written for the technically literate, even "simple" on-screen prompts are often confusing for non-technical people.

      1. anothercynic Silver badge

        Re: There is a lot to be said for keeping your passwords locally.

        1Password is fabulous. I was put on to 1Password by several security podcasts who suggested users use it because it was straightforward and it syncs using iCloud or DropBox. That was good enough for me.

        I am aware though that 1P is also offering cloud-based accounts like LP does, but I opt for the local vault purely because I don't want to ever find myself locked out because of whatever reason.

  3. fxkeh

    People still use Lastpass?

    I use both 1Password and Dashlane (personal and company stuff) and tried out Lastpass - it was truly awful. Though I (and the company) were willing to pay so is Lastpass the best you can hope for for cheapskates?

    1. Scott Pedigo

      Re: People still use Lastpass?

      The user experience is only one consideration.

      Some others are:

      - the encryption / decryption are done locally

      - the ability and ease to hook into the company's authentication system, e.g. LDAP or some other SSO

      - where the passwords are stored if the company is not based in the U.S.

      - the ability to set and enforce rules on managed office laptops / desktops to prevent the user from storing company passwords in their private password manager or vice-versa

      Lastpass ticks a few boxes that not all the others do, which is why a company might select it.

    2. Recessio

      Re: People still use Lastpass?

      I stopped using it when they started charging for more than one device - I use Bitwarden now.

      1. RichUK

        Re: People still use Lastpass?

        Ditto. Support has been appalling ever since LogMeIn took them over and that was very definitely the last straw. LMI are only in it to milk it and the users - they've shown no sign whatsoever of being good owners and guardians for LP.

    3. big_D

      Re: People still use Lastpass?

      I used LastPass for years (well over half a decade) and most of that time as a paying customer (family subscritption). But it became unreliable on Android and then the tracker "scandal".

      I'd discovered the 1Password "Random but memorable" podcast at the end of last year and they are a fun bunch of people who really seem passionate about their product and their jobs. I decided to give them a try and within a month, I'd swapped the whole family across to a paid account and let the LP account run out at the end of this year.

      I looked at Bitwarden, but it was too complicated for certain users in the family, so I went with 1Password and I find it very good, so far.

  4. Anonymous Coward
    Anonymous Coward

    Embedded trackers

    Work has a subscription to LastPass, so I'm sort of stuck with it (although I use Bitwarden in my own life). One thing that is noticeable from the LastPass Firefox add-on (possibly the same for other browsers) is that it looks like whenever the add-on gets updated or signed out, you have to make sure to go into a hidden by default section of the login panel to disable the tracking spyware yet again (which, for obscure evil reasons is enabled by default, rather than disabled by default, as it should be «sigh»).

    1. yetanotheraoc Silver badge

      Re: Embedded trackers

      LastPass is far from the only ones to remember some config and conveniently forget some other config. I view this as a handy "Replace Me!" alert, albeit I do have to manually initiate some sort of audit to trigger the alert. Thanks to the helpful manglement decisions, I don't have to audit the source code, the config dialog usually shows me what I need to know. No privacy settings? Extra hurdles for privacy settings? Placebo privacy settings? Forgotten privacy settings? Bye bye.

  5. This post has been deleted by its author

  6. demon driver

    XMarks

    My first negative experience with LastPass was when they killed XMarks, the only usable cross-platform, cross-browser bookmark sync tool at the time – not long after I had let myself being lured into LastPass only because I already used and liked XMarks. When the other negatives mentioned in the article came up, I moved to a self-hosted Bitwarden setup and have never looked back. I wonder how well the LastPass business actually has been doing.

    1. Zippy´s Sausage Factory

      Re: XMarks

      I must admin I wouldn't use LastPass just on that basis.

      I miss XMarks, I've never seen anything as good myself, although it sounds like you have, in which case I'd love to know.

      1. demon driver

        Re: XMarks

        For a while I did use Nextcloud's Bookmarks app together with the floccus browser extension (for Firefox and Chrome), but I stopped when I noticed some strange behaviour, like doubling the icons on Vivaldi's Start Page every now and then. I guess I should give it another try one of these days.

  7. AndrueC Silver badge
    Unhappy

    LogMeIn said today it planned to "increase investment in the customer experience" for the new standalone business and said customers would see "planned enhancements on an accelerated timeline in 2022

    Oh dear. My experience is just fine as it is, thanks. And does this mean we should expect more useless chuff and unwanted intrusions?

  8. Hubert Cumberdale Silver badge

    KeePassXC FTW!

    1. krivine

      And Syncthing, to keep it all local.

    2. Anonymous Coward
      Anonymous Coward

      Not sure of the XC bit - do have it on my PC and KeePass Droid

  9. Caoilte

    keepassxc all the way

  10. Caoilte

    keepassxc all the way!

  11. Dibbes

    Log4j version 2.15 vulnerable to CVE-2021-45046

    "Version 2.15 of Log4j was released with the exploitable functionality disabled by default last week."

    Unfortunately version 2.15 is not enough. Last night version 2.16 was released as 2.15 opens you up to CVE-2021-45046. Albeit a score of 3.7, it still is something people should know about

    1. diodesign (Written by Reg staff) Silver badge

      Re: Log4j version 2.15 vulnerable to CVE-2021-45046

      Yeah, we're just about to run an update on it.

      C.

  12. EricB123 Silver badge

    D. I. Y

    After hearing about the trackers in password managers, I would think just keeping a self stored password, even a relatively simple one, affords greater protection.

    1. Claverhouse

      Re: D. I. Y

      I just use Enpass, locally - no cloud. Very simple. Should I need it on another machine I would stick it on a zipdrive.

      Sadly at the moment I can't install it, since they only cater to some less attractive Linuxes such as Ubuntu --- my OS, PCLinuxOS only makes it easy to install from their own Synaptic [ although there's an easy method of installing random rpms, Enpass doesn't offer standalone rpms ].

      So I use Enpass Appimage, with it's attached storage file --- despite having no liking at all for appimages, flatpaks or snaps, at all.

      I recently emailed Enpass requesting they could consider getting it into PCLinuxOS.

      .

      Anyway, whilst spies could no doubt enter my computer and find the files, at least they can't just snatch the information from the cloud.

    2. ICL1900-G3 Silver badge

      Re: D. I. Y

      Yep, I use password123 for everything. No problems so far. I think...

  13. JBowler

    Yep, LogMein tanked it

    It was "OK" prior to the LogMein acquistion, then the support obviously disappeared/was fired. I put up with it for a while then, when I was pretty much told they couldn't fix it (I was paying the "family" rate, they couldn't fix up the mess they had created) I moved to Dashlane.

    Rushlane isn't perfect. I'm paying the "team" plan because when I joined they didn't do families. Teams suck (I know that from many years experience in the s/w industry) but they don't suck that bad, families are probably worse.

    My motto, courtesy of the Bruce's experience and a whole lot more of my own in s/w; if at once it doesn't work, give up.

    1. Anonymous Coward
      Anonymous Coward

      Re: Yep, LogMein tanked it

      I was a LogMeIn user, so I knew them buying LastPass was not good. I had already had my fun with that company. I woke up one day to their new interface that removed a lot of functionality I had before the update. It made the product basically unusable. I called them and they said upgrade, we'll give you a 90day free trial! So, they took away functionality and wanted me to pay more for a product without any warning. I stopped using them the same day and moved the company to another solution. They're like Intuit, where good companies go to die.

  14. LRanger

    Vaultwarden

    I switched from Lastpass to Dashlane around the time they took over Xmarks, I quickly but found Dashlane to be very annoying and switched again to Bitwarden. I've been running Vaultwarden (Bitwarden compatible backend) self-hosted for a couple of years and don't plan to change. I've also used Bfolders for several years mainly for secure notes and banking logins, that I'm slowly migrating to Bitwarden/Vaultwarden

    Surprised with the comments here that Bitwarden is 'too difficult'.

  15. Dreams65

    I rely heavily on a password manager. But I chose Enpass over the competition. Been using it for several years now and never had any issues.

  16. Anonymous Coward
    Anonymous Coward

    "increase investment in the customer experience"

    RUN!

  17. R.O.

    Cloud secure and private?

    I use a piece of paper taped to the bottom of my keyboard for the most important passwords. They are are doing just fine. Free. No one has access except me.

  18. Tree
    Unhappy

    GOOOGLE ruined them on Android, maybe on Windows 7, too.

    I have my phone and tablet locked down so Gurgle cannot track me. LastPass wanted me to allow all these trackers and ad sites. I refused to allow access to all of them so it doesn't work on my devices. Then it stopped working on PaleMoon (for the same reasons?). LastPass is now pretty much worthless for me, because I care about my privacy. PaleMoon wants to share too much with nefarious tech giants, I'm afraid.

  19. Tree
    Unhappy

    GOOGLE ruined it on my phone and tablet and PaleMoon likewise in Windows 7

    When I installed LastPass on my Adroid devices, it would not work unless I allowed all these trackers and adware things like Google. My privacy is VERY IMPORTANT TO ME, unlike to lying Gurgle and FaceBUTT. I had my PaleMoon browser pretty much locked down also to prevent most adware and spyware. They made it "better?" for them, so many of my previous addons that kept the bad guys off my computer do not work any more. I blame monopoly moneybags tech companies for this.

    Luckily, my past installations of some addons, worked their magic on some of the mysterious inner workings of PaleMoon and are still blocking some bad actors.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like