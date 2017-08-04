Popular Password Manager LastPass Doubles Price of Its Premium Plan, Removes features From Its Free Service Tier (neowin.net) 53
An anonymous reader shares a report: In November, LastPass made a big change to its service, allowing users to keep track of their passwords across all their internet-enabled mobile and desktop devices, free of charge. In addition to the free tier, the cross-platform password manager - available on iOS, Android, and Windows 10 -- also offered a Premium plan with additional features, priced at $12 per year. Today, LastPass announced another wave of changes to its lineup for individual users -- but this time, the changes are unlikely to be welcomed with open arms by its customers. LastPass Premium has now doubled in price to $24 a year, which includes "emergency access, the ability to share single passwords and items with multiple people, priority tech support, advanced multi-factor authentication, LastPass for applications, and 1GB of encrypted file storage," along with all the other features of the Free tier. In a statement, the company said, "While LastPass Free continues to offer access on all browsers and devices and the core LastPass password management functionality, unlimited sharing and emergency access are now Premium features. Free users will be able to share one item with one other individual.
That post is almost illegible. Did you do that on purpose?
And please, don't start crying about unicode
Not a bad idea, if one is afraid of the browser quitting any time and eating that composing time w/ it. A lot of people, after being burned, adapted this policy. And yeah, it's perfectly legitimate to scream about Unicode: Android, iOS and even Windows 10 supports it, but Slashdot doesn't. And renders posts in ridiculous ways out here.
Actually, I *did* type it in Word on Windows 10, but what's interesting is I pasted it into Notepad and replaced all the Unicode, but apprently Notepad really didn't replace them...
I use passwords.txt. (Score:1)
Format:
# SomeShittySite
username / password
# AnotherShittySite
username / password
# AThirdShittySite
username / password
$0/year. You can have this "service" for free.
I do the same, except I have the same 6 byte prefix for all the passwords. So if a password is listed in "passwords.txt" as "correctHorseBatteryStaple" the real password is "7Rz8t5correctHorseBatteryStaple". If anyone gets access to my list, they won't know the prefix, or even know that there is a prefix.
If you're gonna store your passwords locally, it needs to be encrypted with a single master password which you never write down.
"Lastpassholes hobble free tier, jack prices" (Score:2)
FT headline FY.
Never understood the whole, "here Internet, take my passwords" mentality anyway.
1GB? (Score:2)
A hosted 1GB of storage is kinda dinky compared to all the providers where one can get cloud storage but the infrastructure to provide it properly isn't all that cheap. I can't help but wonder why they thought to tack this on to their service.
Maybe it's meant to cover all your stored password data, notes, etc in aggregate.
Because there are people who will look at it as a kind of steganographic file system and try to store a bunch of non-password data in LastPass under the idea that it's more secure than most file sharing systems, an unconventional place to put it, and possibly provides greater legal protection that file sharing specifically (I don't know if this last bit is true, but I guess I'd see it harder for the cops to get a warrant for yo
My only thought is simplified remote encrypted storage? Something I don't really see the other providers doing. For basic personal documents, I think this would be worth it (think life insurance, social security, etc)
The Drawback of the Cloud (Score:2)
Once you become dependent on cloud services, they are no longer in your service, you are in theirs.
Had no idea this was even a thing (Score:3)
Re:Had no idea this was even a thing (Score:5, Informative)
They don't. They keep encrypted versions of your passwords. All encryption/decryption happens locally.
They keep encrypted versions of your passwords. All encryption/decryption happens locally.
Ummmm...yeah. I'm sure they do. And I promise I won't cum in your mouth. Pinky promise.
Ummmm...yeah. I'm sure they do. And I promise I won't cum in your mouth. Pinky promise.
So do you work for a competitor or did you just want to comment without reading up on how the encryption is done locally with audited viewable-source code in the browser extensions?
It is a gamble. For a lot of users, having randomly generated passwords that are stuffed in a PW database is more secure than having them have "hunter2" for their bank, "swordfish" for their Facebook account, etc. The chance of a mass compromise of a Lastpass is definitely less than having one's password revealed to the world the next time some company's list of hashed PWs gets snarfed.
Even with the potential hazard, if combined with 2FA, the hazard of a compromised password is reduced significantly.
> Furthermore I can't comprehend why anyone would think such a service is safe to use in the first place
It's safe because the data is encrypted on your local computer/device. The encrypted data is sent up to the cloud. The company doesn't have any key that can be used to decrypt it.
You do have to guard your master password! But most of us can memorize one good password.
You also have to trust the company to not have their product leak your master password to them.
$24 seems kind of high (Score:3)
I just renewed recently while it was still $12/year. I feel that $24/year is a bit high. But on the other side, I would never need any of the premium features. That said, I'm happy to pay $12 per year for their service to help a great company. Lastpass has been solid and their service is indispensible.
No objection (Score:3)
I've been using LastPass for many years. I used to use Password Safe, which is strictly local. But they had me at "all popular platforms including Linux".
I have no objection to the price increase. They deserve it, and no doubt will use the money to make the product even better.
Great - count me in (Score:2)
I was a Premium user since they launched. The changes to the free tier last year caught me by surprise, and sure enough, since I had no reason to pay for Premium I stopped. I remember getting an automated questionnaire as to why I stopped being a Premium customer and I explained clearly that they now offered the full feature set I was interested in in the free tier.
Now they're apparently changing it so that one feature I want (emergency access) becomes part of the Premium package. Fair enough, they'll get m
I use KeePass (Score:2)
I've used KeePass for years now, and while I don't have all the fancy password sharing features I do have my passwords, in a format I trust, available on my PCs and phone. I haven't yet seen a reason to switch.
Just use KeePass (Score:1)
Keepass & NextCloud.. (Score:2)
So why not use a local app and cloud storage service? I use Keepass and NextCloud but could easily use GoogleDrive or DropBox or somesuch. The encrypted file doesn't take up that much space and you can sync it to whatever device you want.