LastPass enables unlimited devices syncing for free users
LastPass announced today that all users of its password management solution are now able to sync data across all their devices for free.
LastPass is a popular password management solution for desktop and mobile devices that uses the cloud for storage.
The company offers free and premium accounts to its users. Probably the biggest limitation up until now was that free users could only use LastPass on a single device class.
If you started out with LastPass for the desktop, you could sync your password database and other data only to other desktop devices.
If you wanted to use LastPass on mobile devices as well, you had to sign up for a Premium account to do so.
The same was true the other way round. If you used LastPass on mobile devices, you could not sync to desktop computer systems unless you upgraded the account to Premium first.
Premium accounts are not overly expensive at $12 per year if you pay annually, but the limitation put the company at a disadvantage when compared to services that did not restrict synchronizations.
On the other hand, many cloud-based password management services -- Dashlane, 1Password or Sticky Passwords for instance -- have the same or similar limitations in place.
The situation changes with today's announcement that all LastPass users can now sync their data across as many devices as they like.
The unlimited devices synchronization feature is no longer a premium feature but available to all users.
This means that you can install LastPass on the desktop as a free user, and sync your data to other desktop or mobile devices without signing up for a LastPass Premium account.
Closing Words
The move will make LastPass more attractive to users, especially those that require a password management solution on desktop and mobile devices but don't want to pay for it.
It will be interesting to see if the decision affects the number of premium subscribers of LastPass.
While Premium users get other options, e.g. more multifactor authentication options, shared folders, and desktop application passwords, it seems likely that unlimited synchronization of passwords and data was one of the main features, if not the main feature, for the majority.
I noticed that once installed on my phone, the LastPass app said I have 59 days left in my Premium trial.
Hopefully once that expires it will still work as a free subscription (I’ve been using it on the desktop for years).
LastPass users should rethink the reasons they are not using KeePass.
IMHO it is too risky to trust password storage to any outside agency. Local storage is less chancy.
My most valuable passwords are not even trusted to KeePass.
Yup. KeePass is definitely a more “correct” solution. But I like LastPass’s service, functionality, and … security model, though you are right… to ensure they are not doing anything nefarious takes some diligence.
I have thought about storing my most valuable passwords in a text file in keybase.io (or even store KeePass’s storage there). But, in the end, well… I think their (LastPass’) service is sound. And, of course, they are well incentivized to keep it secure.
There are MANY benefits to having an online backup for passwords. I mean, how am I supposed to convey this any more clearly?
“””
@JR — More clearly? Perhaps by naming one or two of your “MANY benefits”. Please include cost/benefit ratio, where the cost includes uninvited strangers having access to your passwords.
@Kin — The KeePass database is well encrypted, and would be resistant to attack while in transit over the internet, or while sitting there spinning away forever on a dropbox server somewhere. But it’s still not as well protected as a database kept locally only.
“””
One or two benefits. You can use it across platforms, devices. It’s backed up automagically. Etc. Cost benefit? If encrypted, even if the NSA has years to pound on it, if it is solid crypto (and it better well damn be — and it has to be open source, of course) then let them pound away.
As for a local database… sure… security through obscurity, sorta. At least a reduction in access. But if there is internet access to that database, it is not considered secure unless it is resilient enough as if it were publicly accessible. Using dedicated devices that have no network ports, etc. (airgapped), one can get very “serious”, but the best systems, the most serious systems, can be confidently accessed openly. Think Bitcoin. Think GPG encrypted email. Think the lead SELinux guy who used to publish his personal workstation IP address and dare the world to break in. If we want to be pedantic, I can see the value of taking things locally or behind private or limited networks, but it better be resilient enough to be published publicly.
But I think we (commentators) are now nitpicking. :)
@JR — More clearly? Perhaps by naming one or two of your “MANY benefits”. Please include cost/benefit ratio, where the cost includes uninvited strangers having access to your passwords.
@Kin — The KeePass database is well encrypted, and would be resistant to attack while in transit over the internet, or while sitting there spinning away forever on a dropbox server somewhere. But it’s still not as well protected as a database kept locally only.
A local database, let’s say kept on a thumb drive which is only plugged in when needed, would be physically hard to find, much less to decrypt. And if that database only had the less important passwords, such as for social club or magazine subscription logins, decrypting it would not be all that rewarding.
For serious accounts, for example financial institutions, I use KeePass or similar to generate a tough password, but not to save it. Then I make a handwritten copy and type in the generated password manually when needed. Works for me anyhow, though if you need to log in someplace ten times a day instead of once or twice a month, the password manager might be handy.
Part of the problem here is that each person has his own risk tolerance, and his own preferred method of organizing his home or office. I’m happy with what I do, though I am always ready to read or listen to ideas from others. It helps if the ideas are from somebody with relevant experience, and if they are logically and intelligently presented, with reasons for and against, such as may be found in the excellent writings of Martin Brinkmann on Ghacks.
If you read around, you will find that many keepass users often store their database on dropbox so it’s available on multiple computers. So…
The multifactor authentication options in the free version are also still limited:
http://imgur.com/mRDxCzO
So if you rely on fingerprint authentication, you still have to pay for the premium version like me.
Two questions come to mind:
1. I’ve been using Lastpass premium for the last few years, and right now I’m not sure what’s the benefit. The free edition offers the same functionality (at least for consumers, not enterprise users)
2. It’s obvious that “free” has its own price. What is it going to be for LastPass? Also, what guarantees do the free users have in case the LastPass servers are hacked?
Update: just checked the Lastpass web site, and found two magic words that separate the free and the premium services: “Ad Free”. You also get a 1GB encrypted storage.
More than anything, I pay them because I like the service and I want them to stay in business. It’s $12 per year. Say that aloud. :)
I’m not a LastPass user so cannot comment on that. Does anyone know where ads are displayed? Inside the client? That storage is for attachments, right?
This is good news of course, but as a side-note the Firefox add-on is getting bigger and bigger. I remember a 3MB size when I had tried it a few years ago, now I read on LastPass’ AMO page : “Version 3.3.1 Released March 4, 2016 6.4 MB”
6.4 MB for a password manager, moreover in its add-on only version? Seems really fat.
Whew! Really chewing up the HD now ain’t it! If this goes to 15MB I might have to buy another HD.
Lots of it is graphics for the gui, not code. V4 is 12 Mb