Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Businesses The Almighty Buck IT

Popular Password Manager LastPass Doubles Price of Its Premium Plan, Removes features From Its Free Service Tier (neowin.net) 156

An anonymous reader shares a report: In November, LastPass made a big change to its service, allowing users to keep track of their passwords across all their internet-enabled mobile and desktop devices, free of charge. In addition to the free tier, the cross-platform password manager - available on iOS, Android, and Windows 10 -- also offered a Premium plan with additional features, priced at $12 per year. Today, LastPass announced another wave of changes to its lineup for individual users -- but this time, the changes are unlikely to be welcomed with open arms by its customers. LastPass Premium has now doubled in price to $24 a year, which includes "emergency access, the ability to share single passwords and items with multiple people, priority tech support, advanced multi-factor authentication, LastPass for applications, and 1GB of encrypted file storage," along with all the other features of the Free tier. In a statement, the company said, "While LastPass Free continues to offer access on all browsers and devices and the core LastPass password management functionality, unlimited sharing and emergency access are now Premium features. Free users will be able to share one item with one other individual.
This discussion has been archived. No new comments can be posted.

Popular Password Manager LastPass Doubles Price of Its Premium Plan, Removes features From Its Free Service Tier

Comments Filter:
  • by Anonymous Coward

    Format:

    # SomeShittySite
    username / password

    # AnotherShittySite
    username / password

    # AThirdShittySite
    username / password

    $0/year. You can have this "service" for free.

    • by ShanghaiBill ( 739463 ) on Friday August 04, 2017 @03:40PM (#54943075)

      I do the same, except I have the same 6 byte prefix for all the passwords. So if a password is listed in "passwords.txt" as "correctHorseBatteryStaple" the real password is "7Rz8t5correctHorseBatteryStaple". If anyone gets access to my list, they won't know the prefix, or even know that there is a prefix.

      • Yeah, I do something very similar except my prefix is a calculation, not an addition, and I don't bother with a text file, I keep it all in my head. I also segregate passwords into tiers, depending on the service. Throwaway web accounts do not need the complexity my online banking does. I do have an encrypted excel file for my wife to use should something happen to me though...
        • by vux984 ( 928602 )

          I do something very similar except my prefix is a calculation,

          I used to do that. Then sites started having breaches, and that would require me to change the password I used, and the calculation method doesn't cope with that well.

          And other sites with goofy rules about password expiration/rotation, or stupid lenth requirements (forcing me to use shorter passwords than i want, or omit punctionation etc...)

          It started to be much too difficult to keep in my head all the exceptions to the "rule".

          • And other sites with goofy rules about password expiration/rotation, or stupid lenth requirements (forcing me to use shorter passwords than i want, or omit punctionation etc...)

            This is where the 'tiers' come in. Lax password requirements/burner email addresses? Low tier. Most stuff? Medium Tier. Online banking/Sites with crazy requirements? Multiple 20 digit alphanumerics.
      • That's amazing! I have the same combination on my luggage!
    • Sony did the same thing. And when they got hacked, all their passwords were revealed to the world too.

      If you're gonna store your passwords locally, it needs to be encrypted with a single master password which you never write down.
    • Yeah, but that's not automatically available from any device. Lastpass allows that. I adapted LastPass but do not need any of the extra features, just the simple logins & passwords. Note, however, that LastPass also allows you to store things like Credit Card information (in case one gets stolen), DMV, WiFi SSIDs, Bank Accounts, Router info, et al. All of it quite handy. I don't need emergency access, tech support, ability to share, multi factor authentication or ability to share or any of that
    • You obviously have no clue of what you are saying and/or the implicancies of needing to store ~600 different logins, ssh keys and texts securely and still available wherever you go. Oh,and have the tool do the searching and autologin for you.
  • "Lastpassholes hobble free tier, jack prices"

    FT headline FY.

    Never understood the whole, "here Internet, take my passwords" mentality anyway.
    • Never understood the whole, "here Internet, take my passwords" mentality anyway.

      They don't have your passwords---at least, not in a usable form.

      You create a master password for the application. It encrypts your unique, per-site passwords and syncs them. LastPass only sees encrypted data.

      Meanwhile, you can create a strong, unique password for every site that you use. You can even use unique names to obstruct doxxing.

      The application acts as a local database so that you don't have to remember each and every logon. Your security is a little easier, and they have nothing useful assuming the

  • A hosted 1GB of storage is kinda dinky compared to all the providers where one can get cloud storage but the infrastructure to provide it properly isn't all that cheap. I can't help but wonder why they thought to tack this on to their service.

    • by swb ( 14022 )

      Maybe it's meant to cover all your stored password data, notes, etc in aggregate.

      Because there are people who will look at it as a kind of steganographic file system and try to store a bunch of non-password data in LastPass under the idea that it's more secure than most file sharing systems, an unconventional place to put it, and possibly provides greater legal protection that file sharing specifically (I don't know if this last bit is true, but I guess I'd see it harder for the cops to get a warrant for yo

    • by darkain ( 749283 )

      My only thought is simplified remote encrypted storage? Something I don't really see the other providers doing. For basic personal documents, I think this would be worth it (think life insurance, social security, etc)

      • For basic personal documents, I think this would be worth it (think life insurance, social security, etc)

        Agreed but both the local and remote copies need to be encrypted and require password access. My current solution for this is an encrypted disk image on Dropbox which works fine as long as the image can be kept reasonably small (few 100 MB).

  • by sehlat ( 180760 ) on Friday August 04, 2017 @03:40PM (#54943073)

    Once you become dependent on cloud services, they are no longer in your service, you are in theirs.

  • Furthermore I can't comprehend why anyone would think such a service is safe to use in the first place. Typical 'Cloud' service: Get you used to it, then rip the rug right out from under you. Also, as previously stated: Why would anyone think something like this is safe or a good idea in the first place? Let a bunch of faceless strangers on the Internet keep all your passwords for you?
    • by msauve ( 701917 ) on Friday August 04, 2017 @03:43PM (#54943093)
      "Let a bunch of faceless strangers on the Internet keep all your passwords for you?"

      They don't. They keep encrypted versions of your passwords. All encryption/decryption happens locally.
      • by AmiMoJo ( 196126 ) on Friday August 04, 2017 @04:35PM (#54943535) Homepage Journal

        The real issue with LastPass is that it runs in a browser. The most common way of using it is a browser add-on, and it's been found vulnerable in the past.

        Much better to have a separate app and copy/paste. Javascript is not secure.

        Also, KeePass is free and you can sync the database via your own server or any number of free services.

        • Unfortunately, copy/paste isn't so secure either.

          • by Anonymous Coward

            KeePass has at least two ways of password-transfer that do not involve copy/paste:

            1. Auto-fill using global hotkey: press hotkey, enter master password, username+tab+password+enter is "typed" into the active window.
            2. Drag-and-drop text using the mouse pointer.

            Neither of these are KeePass-specific, but KeePass does them very well.

        • by Anonymous Coward

          Much better to have a separate app and copy/paste. Javascript is not secure.

          JS isn't the root problem here. The security context is. If the browser gets compromised so is any code that it runs, or any memory that it has allocated, as a result. If it can launch a new process, so is that process and any descendant it makes. Anything on disk that it has permission to open is compromised, anything it has permission to write is infectable. Any connection it has the ability to listen on is compromised, any connec

    • by jtara ( 133429 )

      > Furthermore I can't comprehend why anyone would think such a service is safe to use in the first place

      It's safe because the data is encrypted on your local computer/device. The encrypted data is sent up to the cloud. The company doesn't have any key that can be used to decrypt it.

      You do have to guard your master password! But most of us can memorize one good password.

  • by execthis ( 537150 ) on Friday August 04, 2017 @03:48PM (#54943125)

    I just renewed recently while it was still $12/year. I feel that $24/year is a bit high. But on the other side, I would never need any of the premium features. That said, I'm happy to pay $12 per year for their service to help a great company. Lastpass has been solid and their service is indispensible.

  • No objection (Score:4, Interesting)

    by jtara ( 133429 ) on Friday August 04, 2017 @03:52PM (#54943153)

    I've been using LastPass for many years. I used to use Password Safe, which is strictly local. But they had me at "all popular platforms including Linux".

    I have no objection to the price increase. They deserve it, and no doubt will use the money to make the product even better.

    • Should have been "all popular platforms, and then Linux, too".
    • I switched to EnPass, which runs locally on your machine (encrypted) and a browser addon uses a websocket to connect the two. Which means it doesn't inject itself into every page like Lastpass. Also LastPass tends to cause Firefox to take fits.

      EnPass runs on pretty much any platform:

      iOS, Android, Blackberry, macOS, Windows, Linux, USB-Stick, Chromebook

  • Great - count me in (Score:4, Interesting)

    by Troed ( 102527 ) on Friday August 04, 2017 @04:00PM (#54943231) Homepage Journal

    I was a Premium user since they launched. The changes to the free tier last year caught me by surprise, and sure enough, since I had no reason to pay for Premium I stopped. I remember getting an automated questionnaire as to why I stopped being a Premium customer and I explained clearly that they now offered the full feature set I was interested in in the free tier.

    Now they're apparently changing it so that one feature I want (emergency access) becomes part of the Premium package. Fair enough, they'll get me back as a Premium customer. LastPass is one of those tools I happily pay for, no questions asked.

  • I use KeePass (Score:5, Informative)

    by b0bby ( 201198 ) on Friday August 04, 2017 @04:01PM (#54943247)

    I've used KeePass for years now, and while I don't have all the fancy password sharing features I do have my passwords, in a format I trust, available on my PCs and phone. I haven't yet seen a reason to switch.

    • by idji ( 984038 )
      and with the keepass files in dropbox, my passwords are auto synched to my wife's laptop and vice versa. Pressing CTRL-S on a password file synchs it. and with dropbox and minikeepass on my iphone they all synch to my smartphone.
      • Last i saw Minikeepass on iPhone still did not support the new Keepass XML format or encryption. You found anything else for iOS? Still looking for my iOS friends. Android was easy.

  • Just use KeePass (Score:5, Insightful)

    by chaotixx ( 563211 ) on Friday August 04, 2017 @04:08PM (#54943301)
    Just use open source KeePass to hold your passwords and use DropBox to sync your encrypted database between computers/phones/tablets. Works great between Windows, iOS, and Android at least. http://keepass.info/ [keepass.info]
    • I do exactly this. Has worked well for me for several years.
    • by jukk ( 781719 )
      I've also been using keepass for years with password file in Dropbox. Syncs between all of my devices including linux PCs and Jolla phone (Sailfish). Even on terminal with keepassc (dropbox works also fine in terminal). Then there is an increasing number of sites accepting TOTP 2FA. You then also need your phone or tablet with a TOTP application, but it doesn't feel like too much hassle.
  • by erktrek ( 473476 ) on Friday August 04, 2017 @04:15PM (#54943371)

    So why not use a local app and cloud storage service? I use Keepass and NextCloud but could easily use GoogleDrive or DropBox or somesuch. The encrypted file doesn't take up that much space and you can sync it to whatever device you want.

  • I just use gandalf as my password everywhere. If they require letters and digits then I use gandalf1.
  • In other news, people still use services what that store all the keys to the kingdom...and now, those services have extended to sharing your passwords to others. :sigh: it's like laziness and lack of security is a virtue these days...
  • If I'm understanding things right, what they're doing is basically pulling some features out of Free and making them Premium only (I'm ok with this), but they're doubling the price of Premium without actually adding any additional benefit to the users.

    I cancelled my Netflix account when they tried this same stuff lo those many years ago. I understand the need to raise prices, but generally speaking, a naked money grab doesn't tend to go over well with users, A moderate raise in the yearly price, ok, not tha

  • You can't trust closed source, proprietary software, full stop. It may be ethical and secure today but how will you know when that changes if nobody but the company selling you the software/service can do a security and privacy audit? And what if they get a national security letter one day and push an update that sends all your passwords and usernames to the NSA?
  • They haven't even figured out how to implement proper support on mobile devices and they are raising the price? Hah! On Android, their only real 'supported' method is using Android accessibility services that drastically slow down the device and reduce battery life (it's meant for REAL accessibility needs like blindness, etc.). If you try to avoid that option your only other options are a glitchy Android 2.3 era keyboard or their internal browser. Thanks, but no thanks. The password manager built into
  • Someone raised their price. Who cares?
  • It used to be called STRIP and they have been around since Palm was popular. It doesn't sync to their servers. If you want to sync between devices you log into Dropbox or Google Drive or you can sync over Wi-Fi from the mobile device to the desktop app. It stores the passwords in an strongly encrypted file on your account.

    The application itself could use polish but it is very stable and it does everything that I need. It lets you add custom fields. The developers are quick to respond to queries. It's stable

  • password just stopped working in the middle of the night

    LastPass websites now demanded a full year payment up front to get access to MY PASSWORDS on their servers

    Disabled person SSD cut off from online banking in the lat on Friday night
    Not one email sent to warn me

Don't tell me how hard you work. Tell me how much you get done. -- James J. Ling

Working...