Popular password manager LastPass to be spun out from LogMeIn One of the biggest beasts in the password management world, LastPass, is being spun out from parent LogMeIn as a "standalone cloud security" organisation. "The success we've seen across the entire LogMeIn portfolio over the last 18 months proves there is a vast growth opportunity ahead for both LastPass and LogMeIn," said …
The marketing drivel is real, a cynical mind might think there are unmentioned reasons why they would want to get rid of it, perhaps related to earnings and future potential - considering all the competition.
Like many I'm enjoying the free tier of Bitwarden, which is open source and 3rd party audited, as I'm sure everybody here knows already. However, I discovered the paid personal plan is $10/yr, that's not much for supporting them.
" I discovered the paid personal plan is $10/yr, that's not much for supporting them."
This is exactly why I moved to the paid tier when I started using Bitwarden nearly 2 years ago. I don't NEED the paid tier's extras, but it's nice to be able to say thanks. I do the same with StoryGraph, the Amazon-free Goodreads alternative, pay for the Plus options as a gesture of support rather than out of need
Also in February, LastPass came in for criticism after a security researcher recommended against the password manager's Android app after noting seven embedded trackers in the software. LogMeIn said at the time that users can opt out if they want.
My personal choice is to use Passwordsafe (the pwsafe.org version) because:
a) it is open source so no security by obscurity
b) passwords are still encrypted even while in memory and only decoded individually for display/copy-paste
c) support for all OSes, not just Win & iOS
d) you can choose where to store your data - Mine is on a pair of USB sticks (one on my keyring, the other in a locked drawer for backup.)
e) no ongoing costs, or any costs for that matter.
The Android app also became unreliable around that time - it didn't work well with Firefox, so you ended up swapping back and forth between LP and FF copying and pasting usernames and passwords!
I switched to 1Password. I looked at Bitwarden, but it was too complicated for my partner - heck, 1Password is too complicated for them to set up and I usually end up creating new accounts for them, but at least they can log in using 1Password!
We often forget how even something as "simple" as a password manager, or even setting up an account on a new service, is often beyond mere mortals who are not interested in technology and don't use technology every day, day-in, day-out.
Most services are written for the technically literate, even "simple" on-screen prompts are often confusing for non-technical people.
1Password is fabulous. I was put on to 1Password by several security podcasts who suggested users use it because it was straightforward and it syncs using iCloud or DropBox. That was good enough for me.
I am aware though that 1P is also offering cloud-based accounts like LP does, but I opt for the local vault purely because I don't want to ever find myself locked out because of whatever reason.
The user experience is only one consideration.
Some others are:
- the encryption / decryption are done locally
- the ability and ease to hook into the company's authentication system, e.g. LDAP or some other SSO
- where the passwords are stored if the company is not based in the U.S.
- the ability to set and enforce rules on managed office laptops / desktops to prevent the user from storing company passwords in their private password manager or vice-versa
Lastpass ticks a few boxes that not all the others do, which is why a company might select it.
I used LastPass for years (well over half a decade) and most of that time as a paying customer (family subscritption). But it became unreliable on Android and then the tracker "scandal".
I'd discovered the 1Password "Random but memorable" podcast at the end of last year and they are a fun bunch of people who really seem passionate about their product and their jobs. I decided to give them a try and within a month, I'd swapped the whole family across to a paid account and let the LP account run out at the end of this year.
I looked at Bitwarden, but it was too complicated for certain users in the family, so I went with 1Password and I find it very good, so far.
Work has a subscription to LastPass, so I'm sort of stuck with it (although I use Bitwarden in my own life). One thing that is noticeable from the LastPass Firefox add-on (possibly the same for other browsers) is that it looks like whenever the add-on gets updated or signed out, you have to make sure to go into a hidden by default section of the login panel to disable the tracking spyware yet again (which, for obscure evil reasons is enabled by default, rather than disabled by default, as it should be «sigh»).
LastPass is far from the only ones to remember some config and conveniently forget some other config. I view this as a handy "Replace Me!" alert, albeit I do have to manually initiate some sort of audit to trigger the alert. Thanks to the helpful manglement decisions, I don't have to audit the source code, the config dialog usually shows me what I need to know. No privacy settings? Extra hurdles for privacy settings? Placebo privacy settings? Forgotten privacy settings? Bye bye.
This post has been deleted by its author
My first negative experience with LastPass was when they killed XMarks, the only usable cross-platform, cross-browser bookmark sync tool at the time – not long after I had let myself being lured into LastPass only because I already used and liked XMarks. When the other negatives mentioned in the article came up, I moved to a self-hosted Bitwarden setup and have never looked back. I wonder how well the LastPass business actually has been doing.
For a while I did use Nextcloud's Bookmarks app together with the floccus browser extension (for Firefox and Chrome), but I stopped when I noticed some strange behaviour, like doubling the icons on Vivaldi's Start Page every now and then. I guess I should give it another try one of these days.
LogMeIn said today it planned to "increase investment in the customer experience" for the new standalone business and said customers would see "planned enhancements on an accelerated timeline in 2022
Oh dear. My experience is just fine as it is, thanks. And does this mean we should expect more useless chuff and unwanted intrusions?
"Version 2.15 of Log4j was released with the exploitable functionality disabled by default last week."
Unfortunately version 2.15 is not enough. Last night version 2.16 was released as 2.15 opens you up to CVE-2021-45046. Albeit a score of 3.7, it still is something people should know about
I just use Enpass, locally - no cloud. Very simple. Should I need it on another machine I would stick it on a zipdrive.
Sadly at the moment I can't install it, since they only cater to some less attractive Linuxes such as Ubuntu --- my OS, PCLinuxOS only makes it easy to install from their own Synaptic [ although there's an easy method of installing random rpms, Enpass doesn't offer standalone rpms ].
So I use Enpass Appimage, with it's attached storage file --- despite having no liking at all for appimages, flatpaks or snaps, at all.
I recently emailed Enpass requesting they could consider getting it into PCLinuxOS.
.
Anyway, whilst spies could no doubt enter my computer and find the files, at least they can't just snatch the information from the cloud.
It was "OK" prior to the LogMein acquistion, then the support obviously disappeared/was fired. I put up with it for a while then, when I was pretty much told they couldn't fix it (I was paying the "family" rate, they couldn't fix up the mess they had created) I moved to Dashlane.
Rushlane isn't perfect. I'm paying the "team" plan because when I joined they didn't do families. Teams suck (I know that from many years experience in the s/w industry) but they don't suck that bad, families are probably worse.
My motto, courtesy of the Bruce's experience and a whole lot more of my own in s/w; if at once it doesn't work, give up.
I was a LogMeIn user, so I knew them buying LastPass was not good. I had already had my fun with that company. I woke up one day to their new interface that removed a lot of functionality I had before the update. It made the product basically unusable. I called them and they said upgrade, we'll give you a 90day free trial! So, they took away functionality and wanted me to pay more for a product without any warning. I stopped using them the same day and moved the company to another solution. They're like Intuit, where good companies go to die.
I switched from Lastpass to Dashlane around the time they took over Xmarks, I quickly but found Dashlane to be very annoying and switched again to Bitwarden. I've been running Vaultwarden (Bitwarden compatible backend) self-hosted for a couple of years and don't plan to change. I've also used Bfolders for several years mainly for secure notes and banking logins, that I'm slowly migrating to Bitwarden/Vaultwarden
Surprised with the comments here that Bitwarden is 'too difficult'.
I have my phone and tablet locked down so Gurgle cannot track me. LastPass wanted me to allow all these trackers and ad sites. I refused to allow access to all of them so it doesn't work on my devices. Then it stopped working on PaleMoon (for the same reasons?). LastPass is now pretty much worthless for me, because I care about my privacy. PaleMoon wants to share too much with nefarious tech giants, I'm afraid.
When I installed LastPass on my Adroid devices, it would not work unless I allowed all these trackers and adware things like Google. My privacy is VERY IMPORTANT TO ME, unlike to lying Gurgle and FaceBUTT. I had my PaleMoon browser pretty much locked down also to prevent most adware and spyware. They made it "better?" for them, so many of my previous addons that kept the bad guys off my computer do not work any more. I blame monopoly moneybags tech companies for this.
Luckily, my past installations of some addons, worked their magic on some of the mysterious inner workings of PaleMoon and are still blocking some bad actors.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
